> On Apr 7, 2024, at 6:20 PM, Scott Kitterman <skl...@kitterman.com> wrote: > > > >> On April 8, 2024 1:02:53 AM UTC, Neil Anuskiewicz >> <neil=40marmot-tech....@dmarc.ietf.org> wrote: >> >> >>>> On Apr 7, 2024, at 7:00 AM, Neil Anuskiewicz <n...@marmot-tech.com> wrote: >>> >>> >>> >>>> On Apr 7, 2024, at 6:54 AM, Tero Kivinen <kivi...@iki.fi> wrote: >>>> >>>> Scott Kitterman writes: >>>>> I hear you. Your operational issue is my system working as designed. >>>>> DMARC works on top of SPF, it doesn't change it. >>>> >>>> Yes, DMARC works on top of SPF, and DKIM and provides policy layer. We >>>> are trying to change the fact that people rely purely on SPF, and try >>>> to get them moved to use DMARC istead, and we are trying to explain >>>> that if you do SPF inside the DMARC context, you get exactly same >>>> policy results you get as when you do SPF before, except you get it >>>> better, as you have more data available. Using -all would be >>>> completely ok if everybody would be doing DMARC, but as there are some >>>> systems which do SPF outside DMARC, and there having -all might >>>> shortcircuit DMARC out from the equation, we should provide guidance >>>> to those people how they can get best results in current environment. >>>> Thus the best current practice should be use to use ~all instead of >>>> -all if you are trying to use DMARC, and want other systems to >>>> actually act based on your DMARC policy. >> >> The problem I see is that some receivers never got the memo and still >> enforce just on an SPF hard fail which only creates fear, uncertainty, >> doubt, and annoyance. > > > If there's FUD, it's due to claiming it is a significant problem for DMARC. > Everyone has a different mail stream, so YMMV, but in my experience this is > approximately never an issue. This is only even potentially an issue when > Mail From aligned and SPF is fail. I don't recall the last time I saw that > happen for a message that also passed DKIM (and d= was aligned). > > What is the overwhelming case for me is Mail From is not aligned (like this > mailing list) and SPF is pass, none, neutral, etc. Even if the receiver > rejects SPF fail, it almost never comes up. Then the DMARC result is a > function of the DKIM signature verifying and being aligned. The fact that my > domain has a -all SPF record virtually never matters for DMARC. > > So let's move on...
Let’s move on. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc