> On 19 Aug 2023, at 12:31, Gellner, Oliver via mailop <mailop@mailop.org> > wrote: > > >> On 19.08.2023 at 12:30 Benny Pedersen via mailop wrote: >> >> prove it, it just loose dmarc aligment, if it was hardfails, lets not ignore >> domain owners, ever >> >> spf softfails can still pass dkim, hopefully you know this > > You don’t have to ignore domain owners as they do not put any kind of policy > into SPF records. SPF does not allow one to to this. > What domain owners can do is set up a policy in the DMARC record. Of course > on the receiver side you can make up any number of additional or even > contradictory policies like the one you described, as in „your server, your > rules“. But I believe the guidance from M3AAWG which actually takes existing > policies from the sender side into account is more friendly and provides less > false positives. In a nutshell this means: Do not reject emails based solely > on SPF failures as soon as the sending domain has a valid DMARC record.
This recommendation doesn’t make sense. For companies that actually reject due to SPF, they’re most likely going to do it after MAIL FROM: At this point in the transaction, they don’t know what the DMARC domain is. They can look up DMARC for the domain in the MAIL FROM: but that may or may not be connected to the actual domain in the 5322.from. I mean, I think it’s a bad idea to reject for SPF failures, but for folks who do I can’t imagine they want to see the full content of the message before just throwing it away. That seems wasteful. laura -- The Delivery Expert Laura Atkins Word to the Wise la...@wordtothewise.com Delivery hints and commentary: http://wordtothewise.com/blog
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop