Re: [dmarc-ietf] 5.7.2.1. DMARC Policy Discovery - How to handle a missing policy

2022-01-04 Thread Douglas Foster
There are two possible approaches to DMARC. One approach says that FAIL should be reliably true, and non-FAIL for any reason is ambiguous. This means that domain owners should only publish a reject policy when there is no possibility that their messages pass through mailing list or any other

[dmarc-ietf] Fwd: Section 5 - DKIM-only authentication

2022-01-04 Thread Douglas Foster
Correction. I should have said that Ken Driscoll was correct, when he said that SPF NONE was a commonplace way of making DMARC into a one-sided test. DF -- Forwarded message - From: Douglas Foster Date: Tue, Jan 4, 2022 at 7:13 PM Subject: Re: [dmarc-ietf] Section 5 -

Re: [dmarc-ietf] Section 5 - DKIM-only authentication

2022-01-04 Thread Dave Crocker
On 1/4/2022 6:42 AM, Tobias Herkula wrote: One big thing missing in the Discussion are Receiver obligations, I encountered a lot of Mailbox Providers that demand a valid and concise SPF record, and in this case the Sender has no way to state that he requires DKIM signatures for DMARC, the

Re: [dmarc-ietf] Section 5 - DKIM-only authentication

2022-01-04 Thread Douglas Foster
Tobias is correct. When I checked my message log, I had no trouble finding messages with SPF=none, aligned DKIM=verified, and DMARC policy exists. "store.apple.com" is one example. We need to acknowledge that this has become standard practice. Nonetheless, a protocol should not depend on

Re: [dmarc-ietf] Section 5 - DKIM-only authentication

2022-01-04 Thread John Levine
It appears that Tobias Herkula said: >the often stated argument of simply not publishing SPF records if a Sender >wants DKIM-only >DMARC is not a viable solution in the real world. If your SPF record accurately describes the sources of your mail, can you explain why it would be a problem for

Re: [dmarc-ietf] 5.7.2.1. DMARC Policy Discovery - How to handle a missing policy

2022-01-04 Thread Murray S. Kucherawy
On Mon, Dec 27, 2021 at 8:33 AM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote: > I suggest the language should be more like this: > > If the set produced by the DNS Tree Walk contains no DMARC policy record > (i.e., any indication that there is no such record as opposed to a >

Re: [dmarc-ietf] Section 5 - DKIM-only authentication

2022-01-04 Thread Tobias Herkula
One big thing missing in the Discussion are Receiver obligations, I encountered a lot of Mailbox Providers that demand a valid and concise SPF record, and in this case the Sender has no way to state that he requires DKIM signatures for DMARC, the often stated argument of simply not publishing

Re: [dmarc-ietf] Section 5 - DKIM-only authentication

2022-01-04 Thread Ken O'Driscoll
Organisations using DKIM-only (also SPF-only) with an enforcing DMARC policy are more common than you may think. While some configurations are perhaps in error, many I have encountered are deliberate decisions based on specific use cases. For example, I have a finance house that uses