On 20/05/2020 06:31, Roshan Hiripitiyage via dmarc-discuss wrote:
Can we enable DMARC just by enabling only SPF?, without DKIM? If it's
possible what are the issues we will come across without DKIM?
Yes you can.
AIUI, the problem with SPF (other than misconfiguration) is that
forwarding breaks it. When DMARC can use DKIM as well, then a simply
forwarded message should pass the DKIM checks, but not the SPF check.
That will mean that the DMARC check will still pass with forwarded
messages.
It'll still fail the DMARC check if something modifies the message
content (*as well* as forwarding the message), breaking the DKIM
signature as well (eg a 'this message was virus scanned by ...' or
mailing list modifications).
Allowing either SPF and DKIM to pass the message cuts down on the number
of false positives.
--
Paul
--
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)