> > > It would be a way for senders to say "yes I checked that all my DKIM > > signatures are working and aligned, I don't need you to look at SPF and > > don't want to have the risk of SPF Upgrades. > > So why do you publish an SPF record? Presumably so someone will accept > your mail who wouldn't otherwise, except you just said they shouldn't. > Still not making sense to me. >
DKIM Replay is still an issue. If you don't publish any SPF record then your mail will look fairly similar to replay attacks. In this case the SPF isn't helping recipients accept mail that has a broken DKIM, it's helping recipients additionally reject/spam-folder replayed mail which will according to the spec have a DMARC pass. But putting aside DKIM Replay I think most senders would still want to publish an SPF record since SPF has been around for a while and many reputation systems use it as one of the factors. You just wouldn't be publishing an SPF record to help from a DMARC perspective.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc