On 23 Dec 2024, at 19:11, John R Levine wrote:
>>>>> So would I but there's way too many SPF-only DMARC users and it would be >>>>> a breaking change. >>>> >>>> So we have SPF-only DMARC users, and DKIM-only DMARC users, and they could >>>> easily come to opposite conclusions about the same message. Maybe it’s not >>>> interoperability in the same sense as disjoint cipher suites, but this >>>> seems like an interoperability problem to me. >>> >>> Um, this would be a good time to reread RFC 7489, >> >> I don’t see why something in a previous informational specification would >> have any bearing on the interoperability characteristics here. If there’s >> something there that needs to be said in dmarcbis, it should be in dmarcbis. > > There is no interop issue, and nothing about this aspect of DMARC has changed > since RFC 7489. > > If you don't agree please identify the part of the draft that causes the > putported interop problem. Perhaps it’s a matter of clarity. I can’t find any normative language that says that the mail receiver MUST check both DKIM and SPF, although Sec. 5.3.3 says, “For each Authentication Mechanism underlying DMARC, perform the required check,” which might be interpreted as an imperative requiring them to check both. But your earlier concern about causing a breaking change to SPF-only DMARC users has me puzzled. Can mail receivers only implement SPF verification under DMARC? Or was the reference to SPF-only DMARC users talking about senders who only have SPF records and don’t sign with DKIM? -Jim _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
