It appears that Michael Thomas <[email protected]> said: > >If we are going under the assumption that both SPF and DKIM have their >own strengths and weaknesses with respect to being able to verify where >a piece of email came from (or passed through too in the case of DKIM), >a sender needs the confidence that the receiver implement both of them >before they set a reject policy which could lead to deliverability >issues. It is utterly irrelevant what is currently deployed in the field >right now -- it's a new proposed standard, after all. Both SPF and DKIM >have their own policy mechanisms and if you are a SPF-only shop you can >use its mechanism if you feel brave enough.
That is both what 7489 says and what the current draft says. Every DMARC implementation I know checks both SPF and DKIM. We considered and rejected proposals to deprecate SPF, or to add a flag saying to check only one or the other. If you think the draft needs changes, it'd be helpful if you could send text. R's, John _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
