On Mon 02/Dec/2024 03:49:31 +0100 Tero Kivinen wrote:
Richard Clayton writes:
(b) some small mailbox providers believe in the value of SPF to do
early stage filtering of mailflows and may penalise your domain for
not having any SPF at all.
Doing early SPF filtering is against DMARCbis document, as DMARCbis
document do require checking both DKIM and SPF, and those who do early
filtering of the emails based on the SPF, usually do it before
actually seeing the email, thus they do not even know if the emails
have DKIM headers or not.
I don't think so. There are several things that can occur to prevent message
reception besides SPF, including DNSBLs. DMARC protocol begins /in case/ a
message is received. Discarded messages don't count.
Anybody doing early stage filtering of mailflows based on the SPF, and
not checking DKIM is not following the DMARCbis document, thus they
are out of scope of the DMARCbis discussion.
Issue #66 "Describe what it means to have implemented DMARC #14" eventually
resulted in Appendix C.6. There is no DMARC medal.
You are allowed to do SPF only separately. You are not allowed to do
SPF only when you claim to do DMARCbis.
What would one claim to do DMARCbis for?
I think the current document is clear about that, but perhaps we
should make it even more obvious, and explicitly say so.
Section 7.1, "Issues Specific to SPF" is very esplicative. Normatively, it
just says that domain owners should (lowercase) be aware of this.
Personally, I publish "?exists:%{ir}.list.dnswl.org -all" and on reception
whitelist as specified in Appendix D of RFC 7208. It works decently well for me.
Best
Ale
--
_______________________________________________
dmarc mailing list -- dmarc@ietf.org
To unsubscribe send an email to dmarc-le...@ietf.org
