On Fri 23/Jun/2023 22:56:59 +0200 Barry Leiba wrote:
If the DMARC spec makes that clear, I think we win. And recipients can still do what they want: if DMARCbis goes out with "use DKIM only" and a recipient wants to use SPF anyway, they can do that... just as a recipient that decides to use best-guess-SPF in the absence of actual SPF records is free to make that choice.
As old as DKIM is, it's still too young to be provided for in MTA design. The software I use, for example, allows filters on incoming mail. Messages are signed before going in the queue. That means that signatures are broken in the (rare) event of 7-bit conversion, and DSNs generated on the fly are not signed at all.
If we want DMARC to brand authentication, we'd better add than remove mechanisms. Best Ale -- _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
