If we are going under the assumption that both SPF and DKIM have their own strengths and weaknesses with respect to being able to verify where a piece of email came from (or passed through too in the case of DKIM), a sender needs the confidence that the receiver implement both of them before they set a reject policy which could lead to deliverability issues. It is utterly irrelevant what is currently deployed in the field right now -- it's a new proposed standard, after all. Both SPF and DKIM have their own policy mechanisms and if you are a SPF-only shop you can use its mechanism if you feel brave enough.
This is especially true because the only thing that has really changed in the last 20 years is trying to unify the policy mechanisms between SPF and DKIM on the theory that they produce a sort of belt and suspenders mechanism for authentication which is better than each other's policy mechanism on its own. To say that SPF or DKIM is optional is to question of what the point any of this is.
Mike, 20 years -- sheesh _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
