On 1/7/25 7:48 AM, Tero Kivinen wrote:
John Levine writes:
It appears that Michael Thomas <[email protected]> said:
Didn't Tero say that there used to be a MUST somewhere that made
explicit that both SPF and DKIM MUST be evaluated? If so, why was it
taken out and why can't it be put back in to clear his issue? There is a
like absolutely no rationale for receivers to not verify DKIM these
days. Even 20 years ago it wasn't an issue.
I think the current language is clear enough.
I really like words MUST when you are making mandatory requirements. I
know lots of people who only search for those MUST/SHOULD etc keywords
when they read RFCs, so having proper MUST in 5.3.3 is MUST...
Tero is exactly right here. I know that dev groups do the keyword search
for MAY MUST SHOULD all of the time for RFC's. MAY's are ignored
generally, and MUST's are accounted for in dev planning.
Mike
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
