On 01/28/2014 12:45 AM, Franck Martin wrote:
*From: *"Rolf E. Sonneveld" <r.e.sonnev...@sonnection.nl>
*To: *"George Moje" <george.m...@computershare.com>,
"dmarc@ietf.org" <dmarc@ietf.org>
*Sent: *Monday, January 27, 2014 3:04:13 PM
*Subject: *Re: [dmarc-ietf] DMARC implementation Question
On 01/24/2014 02:18 PM, George Moje wrote:
Currently we are using SPF records but no DKIM. Can we
implement DMARC with just SPF records?
according to par. 3.1.3 of the DMARC spec
(https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base)
DMARC assumes an author to setup and apply DKIM signing.
Apart from that: be very careful when using only SPF in
combination with DMARC: please take into account that for DMARC
there's no difference between an SPF -all, ~all and ?all
situation. None of them provide a 'pass' for DMARC, if I read the
spec correctly.
No,
If the policy is p=none, DMARC should not override the SPF policy
(especially for -all), DMARC with p=none, does not change the way the
email is treated in regards of SPF or ADSP. If p!=none then DMARC
tells the receiver to not action on the SPF policy and tell the
receiver to ignore ADSP, as DMARC will now tell how to handle the email.
Please re-read my message. I didn't mentioned a 'DMARC pass', I
mentioned the result of SPF as input to the DMARC decision process. In
that regard, neither SPF -all, nor ~all nor ?all give an 'SPF pass'
input to DMARC. In addition to that, if the DNS lookup for the SPF
record fails, it's up to the receiver to decide to give a tmpfail or a
permanent fail. That was the reason I said: be careful when applying the
combination SPF + DMARC without DKIM, as it may result in rejection of
valid mail (in case p!=none).
However, regardless of the DMARC p=, DMARC takes the result of the SPF
test (pass, soffail, fail,...) and if there is a pass, compare the
domain used by SPF for its pass with the domain in the From:. If there
is alignment then you have a DMARC pass. You don't need DKIM to have a
DMARC pass.
you need to do SPF and DKIM on all your emails for p!=none, because in
some cases SPF is more suitable than DKIM and vice versa, so you want
the benefit of both.
Right.
/rolf
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc