> On Apr 7, 2024, at 6:54 AM, Tero Kivinen <kivi...@iki.fi> wrote:
>
> Scott Kitterman writes:
>> I hear you. Your operational issue is my system working as designed.
>> DMARC works on top of SPF, it doesn't change it.
>
> Yes, DMARC works on top of SPF, and DKIM and provides policy layer. We
> are trying to change the fact that people rely purely on SPF, and try
> to get them moved to use DMARC istead, and we are trying to explain
> that if you do SPF inside the DMARC context, you get exactly same
> policy results you get as when you do SPF before, except you get it
> better, as you have more data available. Using -all would be
> completely ok if everybody would be doing DMARC, but as there are some
> systems which do SPF outside DMARC, and there having -all might
> shortcircuit DMARC out from the equation, we should provide guidance
> to those people how they can get best results in current environment.
> Thus the best current practice should be use to use ~all instead of
> -all if you are trying to use DMARC, and want other systems to
> actually act based on your DMARC policy.
>
>> Anything like this belongs in an operational guidance document, not in the
>> protocol description. I have no problem describing the trade offs in an
>> appropriate document, but I don't think this is it.
>>
>
I think you’re right the core document should be kept sacred but a DMARCbis
pointing to an operational document that discusses the trade offs and perhaps
goes so far as to recommend best practices if that seems appropriate.
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
