On Thu, Jun 8, 2023 at 10:44 AM Barry Leiba <barryle...@computer.org> wrote:
> See, I don't look at it as "harmed". Rather, I think they're using "we > use SPF" as a *reason* not to use DKIM, and I think that *causes* harm. > That might be true but does not address whether or not SPF is/can be useful in the context of DMARC validation. > > SPF is, as I see it, worse than useless, as it adds no value to domain > that use DKIM -- any time DKIM fails SPF will also fail -- and actually > impedes the adoption of DKIM. Reliance on SPF causes DMARC failures that > result in deliverability problems for legitimate mail. I wholeheartedly > support removal of SPF as an authentication mechanism that DMARC accepts. > I'm going to disagree with you on this, having experience with billions of emails sent with both SPF and DKIM used in the context of DMARC validation. A sender using both SPF and DMARC will see a slight boost in validation rates due to increased resiliency when there are transient DNS failures and other problems. A small percentage of a very large number is still a large number. Let's not throw the baby out with the bath water. > > Barry, as participant > Michael Hammer > > On Thu, Jun 8, 2023 at 3:30 PM Seth Blank <seth= > 40valimail....@dmarc.ietf.org> wrote: > >> Participating, I have data that I believe points to a long tail of >> businesses who predominantly only authenticate on behalf of others using >> SPF, and would be harmed by such a change. It will take me a little while >> to confirm and share. >> >> I also know a predominant ccTLD with millions of registrations, that has >> SPF on roughly 80% of them, but DMARC on barely 5%. I don't have data on >> DKIM for those, but I assume it's closer to the DMARC penetration than the >> SPF one. I'll see if I can get this data to share more publically, and also >> get the DKIM answer. >> >> Of course the goal is aligned dkim with a stated policy, but I don't >> think the data supports us being anywhere close to that realistically. >> >> As Chair, this is a valuable conversation to have with real data on >> problems and opportunities at scale, and am excited to see Tobias share and >> see what others have to say. >> >> Seth >> >> On Thu, Jun 8, 2023 at 3:21 PM Murray S. Kucherawy <superu...@gmail.com> >> wrote: >> >>> On Thu, Jun 8, 2023 at 6:00 AM Tobias Herkula <tobias.herkula= >>> 401und1...@dmarc.ietf.org> wrote: >>> >>>> My team recently concluded an extensive study on the current use and >>>> performance of DMARC. We analyzed a staggering 3.2 billion emails, and the >>>> insights drawn are quite enlightening. Of these, 2.2 billion emails >>>> (approximately 69%) passed the DMARC check successfully. It's quite an >>>> achievement, reflective of our collective hard work in fostering a safer, >>>> more secure email environment. >>>> >>>> >>>> >>>> However, upon further analysis, it's evident that a mere 1.6% (or >>>> thirty-six million) of these DMARC-passed emails relied exclusively on the >>>> Sender Policy Framework (SPF) for validation. This is a remarkably low >>>> volume compared to the overall DMARC-passed traffic, raising questions >>>> about SPF's relevancy and the load it imposes on the DNS systems. >>>> >>>> >>>> >>>> Given the current use case scenarios and the desire to optimize our >>>> resources, I propose that we explore the possibility of removing the SPF >>>> dependency from DMARC. This step could result in a significant reduction in >>>> DNS load, increased efficiency, and an accurate alignment with our >>>> predominant use cases. >>>> >>>> [...] >>>> >>> >>> Does anyone have consonant (or dissonant) data? >>> >>> -MSK, participating >>> _______________________________________________ >>> dmarc mailing list >>> dmarc@ietf.org >>> https://www.ietf.org/mailman/listinfo/dmarc >>> >> >> >> -- >> >> *Seth Blank * | Chief Technology Officer >> *e:* s...@valimail.com >> *p:* 415.273.8818 >> >> This email and all data transmitted with it contains confidential and/or >> proprietary information intended solely for the use of individual(s) >> authorized to receive it. If you are not an intended and authorized >> recipient you are hereby notified of any use, disclosure, copying or >> distribution of the information included in this transmission is prohibited >> and may be unlawful. Please immediately notify the sender by replying to >> this email and then delete it from your system. >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc >> > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
