> On Jun 17, 2023, at 8:41 PM, Murray S. Kucherawy <superu...@gmail.com> wrote: > > On Sat, Jun 17, 2023 at 2:40 PM Ken Simpson <ksimp...@mailchannels.com > <mailto:ksimp...@mailchannels.com>> wrote: >> FWIW, I'd like to chuck my hat in the ring on the side of removing SPF from >> the next iteration of DMARC. As the operator of an email delivery service >> with tens of millions of primarily uncontrolled senders on web hosting >> servers, it would be great if domain owners could assert via their DMARC >> record that receivers should only trust DKIM-signed email. > > Can these senders not accomplish the same thing by removing the SPF record > altogether? > > -MSK, participating
Isn’t SPF, DKIM and alignment are all required for DMARC1 passage? Failure if any are missing? Even then, with no SPF, what would remain for a reduced DMARC2 requirement is a 1st party DKIM signature only. No 3rd party. When we resolve this part, “I can die and finally go to heaven." Note, from my pov, SPF was always separate from any payload DKIM-based policy protocol process because there are receivers who will reject at SMTP before DATA or DMARC consideration. For these optimized systems, DMARC would only ever see a SPF = pass, softfail, neutral or none/unknown but never a spf=reject unless the implementation delayed SPF rejects until DMARC can be processed. — HLS
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
