On June 20, 2023 4:33:48 PM UTC, John Levine <jo...@taugh.com> wrote:
>It appears that Tobias Herkula <tobias.herk...@1und1.de> said:
>>Sadly they can’t, there are Mailbox Providers that expect SPF Records, so to
>>maintain deliverability to those, you have to keep SPF
>>records in place and can’t switch to a DKIM only DMARC.
>
>Nobody's saying you can't publish SPF. We're just saying DMARC should ignore
>it. See the message I sent in a new thread for details.

I don't think this makes any sense. There are problematic messages passing SPF. Similarly there are problematic messages passing DKIM. All dumping SPF does is increase the incentive to replay DKIM.

The problem here is domains authorizing their mail to be sent from under controlled third party sources. Once SPF is gone, they'll use DKIM and still send "bad" messages. Problem not solved.

If, for example, you deploy BIMI, and messages you didn't send get the BIMI marker, the solution is to hunt through your DMARC feedback reports, figure out which third party authenticated the message, and fire them.

This is an economics/incentives problem, not a technical problem.

Scott K
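The report-hunting step mentioned in the message above, sketched as an added example that is not part of the original message: it reads a DMARC aggregate (RUA) report and tallies which DKIM domain and selector, or which SPF domain, produced each aligned pass. The names `who_authenticated` and `aligned` and the sample report are constructed for illustration; the sketch assumes a report without an XML namespace and approximates relaxed alignment without the Public Suffix List.

```python
import xml.etree.ElementTree as ET  # reports are untrusted input; consider defusedxml

# Constructed sample in RFC 7489 aggregate-report layout (placeholder domains/IPs).
SAMPLE = """<feedback><record>
 <row><source_ip>192.0.2.10</source_ip><count>120</count>
  <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
 <identifiers><header_from>example.com</header_from></identifiers>
 <auth_results>
  <dkim><domain>example.com</domain><selector>esp1</selector><result>pass</result></dkim>
  <spf><domain>bounce.esp-one.example</domain><result>pass</result></spf>
 </auth_results></record><record>
 <row><source_ip>203.0.113.50</source_ip><count>3</count>
  <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
 <identifiers><header_from>example.com</header_from></identifiers>
 <auth_results>
  <dkim><domain>example.com</domain><selector>esp1</selector><result>pass</result></dkim>
 </auth_results></record><record>
 <row><source_ip>198.51.100.7</source_ip><count>40</count>
  <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
 <identifiers><header_from>example.com</header_from></identifiers>
 <auth_results>
  <spf><domain>mail.example.com</domain><result>pass</result></spf>
 </auth_results></record></feedback>"""

def aligned(auth_domain, from_domain):
    # Assumption: relaxed alignment approximated as "equal or parent/child".
    # A full implementation compares organizational domains (Public Suffix List).
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f or a.endswith("." + f) or f.endswith("." + a)

def who_authenticated(report_xml):
    """Map (mechanism, domain, selector) -> [message count, source IPs] for DMARC passes."""
    out = {}
    for rec in ET.fromstring(report_xml).iter("record"):
        ip, n = rec.findtext("row/source_ip"), int(rec.findtext("row/count", "0"))
        from_dom = rec.findtext("identifiers/header_from", "")
        for mech in ("dkim", "spf"):
            if rec.findtext(f"row/policy_evaluated/{mech}") != "pass":
                continue  # this mechanism did not produce an aligned pass
            for res in rec.iterfind(f"auth_results/{mech}"):
                dom = res.findtext("domain", "")
                if res.findtext("result") == "pass" and aligned(dom, from_dom):
                    entry = out.setdefault((mech, dom, res.findtext("selector", "")), [0, set()])
                    entry[0] += n
                    entry[1].add(ip)
    return out

if __name__ == "__main__":
    for key, (count, ips) in who_authenticated(SAMPLE).items():
        print(key, count, sorted(ips))
```

Mapping a selector or SPF domain back to the vendor that holds the key or sends from those addresses is a lookup in your own records; the report only tells you which credential passed and from which source IPs.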