On Aug 23, Doug Barton <[email protected]> wrote: > Fortunately SPF is dead simple, Indeed, since SPF is dead simple it also has bad failure modes which break many common practices. This is why DMARC best practices require to use both SPF and DKIM (which has different failure modes, but at least they can usually be blamed on bad software used by intermediaries) in the hope that at least one will validate.
> and DKIM isn't that much harder. In fact for > one domain it's also dead simple (ProTip: Use OpenDKIM). I couldn't find a The problem is managing it for tens of thousand of domains, when you often do not manage their DNS zones as well. The support cost of teaching customers how to implement it is significant enough that for now blocking IPv6 to gmail is much easier. (Also, if you manage just a couple of domains on your own personal server you will probably not have reputation issues with gmail, so this is barely relevant.) -- ciao, Marco
signature.asc
Description: Digital signature
