In article <CAOXFXsuLdsZgA-uJEDApRgW6bmzx5cORbiy=2km9tnxhjqb...@mail.gmail.com> 
you write:
>If a sender's IP is in SPF, so SPF passes; and the applied DKIM signature
>is successfully decrypted, so DKIM passes; what good is checking alignment
>and rejecting a message?

The short answer is that bad guys can publish SPF and DKIM just as
well as good guys.  Anecdotally, it appears that bad guys are better
at it than good guys.

The point of DMARC is not just that a message is authenticated, but
that it is authenticated by the same domain that's on the From: line,
which makes it highly likely that the message is actually from who it
appears to be from, rather than from some random crook with an SPF
record and a DKIM signer.

There are certainly plenty of ways that DMARC can do unfortunate
things but in this case it's working as intended.

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
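
The alignment check described in the reply above, as an added example that is not part of the original message or of any particular DMARC implementation. It assumes a small constructed suffix set in place of the real Public Suffix List, and the function names and sample domains are hypothetical.

```python
# Added example: DMARC identifier alignment (RFC 7489, section 3.1), simplified.
# ASSUMPTION: the organizational domain is derived from a tiny constructed
# suffix set; a real evaluator uses the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}  # constructed, incomplete


def org_domain(domain):
    """Return the organizational domain: the public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix is tried first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # fallback when the suffix is unknown


def aligned(auth_domain, from_domain, strict=False):
    """Strict mode needs an exact match; relaxed needs the same org domain."""
    a = (auth_domain or "").lower().rstrip(".")
    f = (from_domain or "").lower().rstrip(".")
    if not a or not f:
        return False
    return a == f if strict else org_domain(a) == org_domain(f)


def dmarc_pass(from_domain, spf_result, spf_domain, dkim_sigs,
               aspf="r", adkim="r"):
    """DMARC passes if SPF or DKIM passes AND is aligned with the From: domain.

    spf_domain is the envelope (MAIL FROM) domain that SPF checked;
    dkim_sigs is a list of (result, d= domain) pairs, one per signature;
    aspf and adkim are the alignment modes from the DMARC record.
    """
    spf_ok = spf_result == "pass" and aligned(
        spf_domain, from_domain, strict=(aspf == "s"))
    dkim_ok = any(
        result == "pass" and aligned(d, from_domain, strict=(adkim == "s"))
        for result, d in dkim_sigs)
    return spf_ok or dkim_ok


# Constructed sample: mail with From: example.com that is fully authenticated,
# but only by the sender's own unrelated domain, example.net.
SPOOFED = dmarc_pass("example.com", "pass", "bounce.example.net",
                     [("pass", "example.net")])
# Constructed sample: the same From: domain authenticated by its own subdomain.
GENUINE = dmarc_pass("example.com", "pass", "bounce.example.com", [])
```

Both samples pass SPF, and the first also passes DKIM; only the alignment test separates them.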
