On Thu, 2023-01-26 at 12:11 +0000, Florian Vierke via mailop wrote: > I have understood it that way: > > If you implement DMARC as a recipient, you must check for DKIM and > for SPF, exactly because one of them is sufficient to pass. If you do > only check SPF as a receiver and the sender is authenticating via > DKIM, an SPF fail would directly lead to a DMARC fail, which isn't > correct. >
Sure, but you don't appear to be disagreeing with my point. :-) The poster I was replying to was arguing about policy decisions from *senders*, not recipients. As the recipient, you must check both but be prepared to accept the mail if SPF passes and there is no (or no valid) DKIM signature attached to the mail - i.e. it is perfectly valid for a sender to publish a DMARC policy and an SPF record but not DKIM-sign their mails. Regards, Adam _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
