In article <CAL0qLwbTcYvf9HKREQi=w_lk8egra+k1v-qhs5zo_u25iun...@mail.gmail.com>, Murray S. Kucherawy <superu...@gmail.com> wrote: >Another way to look at this: DKIM (and I believe SPF) only really tells you >something interesting when it passes. That means (for DKIM) the content >was unmodified, and the signature is validated by a key that is verifiably >present in some domain's DNS data. ...
Yes, exactly. With SPF, no sensible person rejects mail on SPF -ALL other than the special case of plain -ALL that means it sends no mail whatsoever. Other than that, neither DKIM nor SPF can distinguish between "this is fake" and "this was sent by a route that SPF/DKIM can't describe." -- Regards, John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
