On 01/28/2014 02:52 PM, Rolf E. Sonneveld wrote:
Please re-read my message. I didn't mentioned a 'DMARC pass', I mentioned the result of SPF as input to the DMARC decision process. In that regard, neither SPF -all, nor ~all nor ?all give an 'SPF pass' input to DMARC.
While it is literally true that -all/~all/?all don't yield passes, this is not how most people would interpret your message: it comes across as though you are trying to claim that an SPF record with -all/~all/?all at the end of it can't yield a pass despite that clearly not being true (any SPF pass being a result of an earlier part of the record).
In either case, this does not affect DMARC operation. When SPF evaluation passes, DMARC interprets that as a pass (for the 5321.MailFrom domain), regardless of which of -all/~all/?all is used, or even if none of them are used. It would be rather unusual to implement DMARC without DKIM, but is not impossible.
I'd suggest that the more important question is what the OP is trying to achieve with DMARC in the first place. Given that they don't have DKIM implemented they presumably don't have a spoofing problem, in which case DMARC is of limited value other than for monitoring (in which case the absence of DKIM isn't a problem).
- Roland _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
