It appears that Barry Leiba said:
>I'm saying I don't want "and" to be an option, because I think it's
>damaging to DMARC. There is no reason anyone should ever want to say
>that, and providing the option asks for misconfigurations because
>people think it's somehow "more secure". It's not
I'm saying I don't want "and" to be an option, because I think it's
damaging to DMARC. There is no reason anyone should ever want to say
that, and providing the option asks for misconfigurations because
people think it's somehow "more secure". It's not more secure. It
would be very bad for
DKIM+SPF says "our domain, including subdomains covered by this policy,
will never use an ESP". (Since most ESP messages pass SPF based on the ESP
domain)
This seems unlikely to be a reliable assertion, so the effect on
disposition is likely to be strongly negative, even without the effect on
On Mon 26/Jun/2023 14:51:34 +0200 Barry Leiba wrote:
If we consider this sort of thing, I want to push to keep one thing
off the table:
Saying that SPF *and* DKIM *both* have to pass is a VERY BAD approach.
Let's please just remove that from consideration. It has not been in
DMARC up to this
Just to clarify something:
On Mon, Jun 26, 2023 at 5:52 AM Barry Leiba wrote:
> I can accept some mechanism for the sender to say "SPF only", "DKIM
> only", or "either SPF or DKIM". I cannot except a version of DMARC
> where *both* must pass.
>
I think the proposal before us is to allow the
Barry,
I understand your concerns. Use SPF *and* DKIM could cause issues for
any kind of mail conferencing and forwarding. Situation are quite
complicated right now. Use of these method, as well as combination of
these methods, could lower deliverability due protection mechanism
contrary of
On June 26, 2023 12:51:06 PM UTC, florian.kun...@telekom.de wrote:
>
>> In theory, DKIM is enough for DMARC (this was always true), but in practice
>> it
>> is not.
>
>May be you can afford to use SPF, DKIM, DMARC in pure theory for your day job,
>but people here expect to apply it to solve
> In theory, DKIM is enough for DMARC (this was always true), but in practice it
> is not.
May be you can afford to use SPF, DKIM, DMARC in pure theory for your day job,
but people here expect to apply it to solve real problems with real email in
real life.
*SCNR* ... do not take that
If we consider this sort of thing, I want to push to keep one thing
off the table:
Saying that SPF *and* DKIM *both* have to pass is a VERY BAD approach.
Let's please just remove that from consideration. It has not been in
DMARC up to this point, and it would be really bad to add it.