> On Jun 22, 2023, at 9:54 AM, Scott Kitterman <skl...@kitterman.com> wrote:
>
> My conclusion (it won't surprise you to learn) from this thread is precisely
> the opposite.
>
> In theory, DKIM is enough for DMARC (this was always true), but in practice
> it
> is not.
>
> I don't think there's evidence of a systemic weakness in the protocol. We've
> seen evidence of poor deployment of the protocol for SPF, but I think the
> solution is to fix that (see the separate thread on data hygiene).
>
> Scott K
>
Scott, this all started as a way to add weight to a SPF=SOFTFAIL using ADSP.
Microsoft started it and DMARC came out with a surprising even tighter rule for
DKIM+SPF alignment.
SPF rejects immediately issued an 55z the transaction, confused DMARCers.
Let’s keep in mind SPF pre-dated DMARC.
SPF softfail results were interesting to see how a DKIM signature may help.
Microsoft’s idea before DMARC.
Overall, DMARC created a Link with SPF that wasn’t thoroughly reviewed with the
IETF. It skipped the process as an Informational proposal. Now as a standard
track DMARCbis, we see all the problems.
How is this problem fixed with client/server protocol negotiating software?
—
HLS
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc