+1 > On Jun 27, 2023, at 11:06 AM, Tobias Herkula > <tobias.herkula=401und1...@dmarc.ietf.org> wrote: > > Signing That, nothing to add. > > -----Original Message----- > From: dmarc <dmarc-boun...@ietf.org> On Behalf Of Barry Leiba > Sent: Tuesday, June 27, 2023 4:24 PM > To: Alessandro Vesely <ves...@tana.it> > Cc: dmarc@ietf.org > Subject: Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal > > I don't understand how most of your message fits into this discussion: > you're comparing SPF's policy points with DMARC policy. we're talking about > SPF as an authentication mechanism together with DKIM (not > DMARC) as an authentication mechanism... and then using those authentication > results in DMARC policy evaluation. > > But here: I've said all this before in separate places, so I'll put it in one > place, here, one more time: > > Given that SPF and DKIM are both configured properly: > 1. If SPF passes, DKIM will always pass. > 2. If DKIM fails, SPF will always fail. > 3. In some scenarios, DKIM will pass when SPF fails.
Yes, since SPF comes first, by far, in my empirical field experience, if SPF fails, odds are good DKIM will fail. But if DKIM passes, then it can be interesting to see if this can fix a false positive with SPF. — HLS
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
