> On Feb 5, 2022, at 2:08 PM, David Bürgin <dbuer...@gluet.ch> wrote:
>
> post...@ptld.com:
>> If you are going to use DMARC then you do not need to mess around with or
>> install policyd-spf.
>> OpenDMARC has built in SPF lookup, it adds a header with the SPF results,
>> and uses it in deciding if the email passes DMARC or not.
>
> OpenDMARC’s is a defective implementation of SPF. Some of the issues are
> listed in https://github.com/trusteddomainproject/OpenDMARC/issues/169,
> but there are several more around DNS lookup limits etc.
>
> If you want SPF done properly, use a dedicated SPF component (of which
> there are several).
We are considering (and the latest releases release notes say) deprecating the
internal SPF libs, and currently recommend using libspf2, which is not perfect,
but at least spares us having to maintain our own internal implementation.
-Dan
