John R Levine writes: > >>>> So would I but there's way too many SPF-only DMARC users and it would be > >>>> a breaking change. > >>> > >>> So we have SPF-only DMARC users, and DKIM-only DMARC users, and > >>> they could easily come to opposite conclusions about the same > >>> message. Maybe it’s not interoperability in the same sense as > >>> disjoint cipher suites, but this seems like an interoperability > >>> problem to me. > >> > >> Um, this would be a good time to reread RFC 7489, > > > > I don’t see why something in a previous informational > > specification would have any bearing on the interoperability > > characteristics here. If there’s something there that needs to be > > said in dmarcbis, it should be in dmarcbis. > > There is no interop issue, and nothing about this aspect of DMARC > has changed since RFC 7489.
RFC 7489 clearly states that "Mail Receivers MUST perform" steps that includes both DKIM verification and SPF validation checks. I.e., in RFC7489 section 6.6.2 says that Mail receivers MUST implement both DKIM and SPF. The DMARCbis changed this to say: For each Authentication Mechanism underlying DMARC, perform the required check to determine if an Authenticated Identifier (#authenticated-identifier) exists for the message if such check has not already been performed. (section 5.3.3), which is does not use RFC2119 keywords anymore (RFC7489 did use RFC2119 keywords), and is quite ambiguous what it really means, especially as it seems some people here seems to read that mail receiver can only do SPF or DKIM. > If you don't agree please identify the part of the draft that causes the > putported interop problem. RFC7489 section 6.6.2 was clear that Mail Receivers MUST implement both SPF and DKIM. DMARCbis is no longer clear in this aspect. -- [email protected] _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
