Maybe just add a sentence to the end of the second paragraph: The use of SPF alone, without DKIM, is strongly NOT RECOMMENDED.
Barry On Thu, Apr 13, 2023 at 12:04 PM Todd Herr <todd.h...@valimail.com> wrote: > On Thu, Apr 13, 2023 at 11:21 AM Barry Leiba <barryle...@computer.org> > wrote: > >> > Anyone who does forwarding is damaged by DMARC because there are a lot >> of >> > people who do DMARC on the cheap with SPF only. >> >> This brings up another issue, I think: that there should also be >> stronger advice that using DKIM is critical to DMARC reliability, and >> using SPF only, without DKIM, is strongly NOT RECOMMENDED. >> >> I don't disagree. > > How do we make the following text stronger? > 5.5.2. > <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#section-5.5.2>Configure > Sending System for DKIM Signing Using an Aligned Domain > <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#name-configure-sending-system-fo> > > While it is possible to secure a DMARC pass verdict based on only one of > SPF or DKIM, it is commonly accepted best practice to ensure that both > authentication mechanisms are in place to guard against failure of just one > of them. > > This is particularly important because SPF will always fail in situations > where mail is sent to a forwarding address offered by a professional > society, school or other institution, where the address simply relays the > message to the recipient's current "real" address. Many recipients use such > addresses and with SPF alone and not DKIM, messages sent to such users will > always produce DMARC fail. > <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#section-5.5.2-2> > > The Domain Owner SHOULD choose a DKIM-Signing domain (i.e., the d= domain > in the DKIM-Signature header) that aligns with the Author Domain. > > > -- > > *Todd Herr * | Technical Director, Standards and Ecosystem > *e:* todd.h...@valimail.com > *m:* 703.220.4153 > > This email and all data transmitted with it contains confidential and/or > proprietary information intended solely for the use of individual(s) > authorized to receive it. If you are not an intended and authorized > recipient you are hereby notified of any use, disclosure, copying or > distribution of the information included in this transmission is prohibited > and may be unlawful. Please immediately notify the sender by replying to > this email and then delete it from your system. >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc