See, I don't look at it as "harmed". Rather, I think they're using "we use SPF" as a *reason* not to use DKIM, and I think that *causes* harm.
SPF is, as I see it, worse than useless, as it adds no value to domain that use DKIM -- any time DKIM fails SPF will also fail -- and actually impedes the adoption of DKIM. Reliance on SPF causes DMARC failures that result in deliverability problems for legitimate mail. I wholeheartedly support removal of SPF as an authentication mechanism that DMARC accepts. Barry, as participant On Thu, Jun 8, 2023 at 3:30 PM Seth Blank <seth= 40valimail....@dmarc.ietf.org> wrote: > Participating, I have data that I believe points to a long tail of > businesses who predominantly only authenticate on behalf of others using > SPF, and would be harmed by such a change. It will take me a little while > to confirm and share. > > I also know a predominant ccTLD with millions of registrations, that has > SPF on roughly 80% of them, but DMARC on barely 5%. I don't have data on > DKIM for those, but I assume it's closer to the DMARC penetration than the > SPF one. I'll see if I can get this data to share more publically, and also > get the DKIM answer. > > Of course the goal is aligned dkim with a stated policy, but I don't think > the data supports us being anywhere close to that realistically. > > As Chair, this is a valuable conversation to have with real data on > problems and opportunities at scale, and am excited to see Tobias share and > see what others have to say. > > Seth > > On Thu, Jun 8, 2023 at 3:21 PM Murray S. Kucherawy <superu...@gmail.com> > wrote: > >> On Thu, Jun 8, 2023 at 6:00 AM Tobias Herkula <tobias.herkula= >> 401und1...@dmarc.ietf.org> wrote: >> >>> My team recently concluded an extensive study on the current use and >>> performance of DMARC. We analyzed a staggering 3.2 billion emails, and the >>> insights drawn are quite enlightening. Of these, 2.2 billion emails >>> (approximately 69%) passed the DMARC check successfully. It's quite an >>> achievement, reflective of our collective hard work in fostering a safer, >>> more secure email environment. >>> >>> >>> >>> However, upon further analysis, it's evident that a mere 1.6% (or >>> thirty-six million) of these DMARC-passed emails relied exclusively on the >>> Sender Policy Framework (SPF) for validation. This is a remarkably low >>> volume compared to the overall DMARC-passed traffic, raising questions >>> about SPF's relevancy and the load it imposes on the DNS systems. >>> >>> >>> >>> Given the current use case scenarios and the desire to optimize our >>> resources, I propose that we explore the possibility of removing the SPF >>> dependency from DMARC. This step could result in a significant reduction in >>> DNS load, increased efficiency, and an accurate alignment with our >>> predominant use cases. >>> >>> [...] >>> >> >> Does anyone have consonant (or dissonant) data? >> >> -MSK, participating >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc >> > > > -- > > *Seth Blank * | Chief Technology Officer > *e:* s...@valimail.com > *p:* 415.273.8818 > > This email and all data transmitted with it contains confidential and/or > proprietary information intended solely for the use of individual(s) > authorized to receive it. If you are not an intended and authorized > recipient you are hereby notified of any use, disclosure, copying or > distribution of the information included in this transmission is prohibited > and may be unlawful. Please immediately notify the sender by replying to > this email and then delete it from your system. > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
