On 2/23/2019 2:56 PM, Kurt Andersen (b) wrote:
On Sat, Feb 23, 2019 at 11:00 AM Hector Santos wrote:
Unless the conditions were limited to when this can be applied, I can
see where this can become really complex because of higher recursion
potentials. You also have compatibility concerns as
Just provide a DKIM only mechanism/option.
Michael Hammer
On Sat, Feb 23, 2019 at 2:56 PM Kurt Andersen (b) wrote:
> On Sat, Feb 23, 2019 at 11:00 AM Hector Santos wrote:
>
>> On 2/23/2019 1:07 PM, Kurt Andersen (b) wrote:
>> >
>> > Instead of using the standard "(+)include:" approach, if doma
On Sat, Feb 23, 2019 at 11:00 AM Hector Santos wrote:
> On 2/23/2019 1:07 PM, Kurt Andersen (b) wrote:
> >
> > Instead of using the standard "(+)include:" approach, if domain owners
> used
> > "?include:" as their mechanism, then that would prevent the SPF result
> from
> > granting a DMARC PASS
It's bad idea, because "?" does not grant SPF authentication. SPF is
important even if message is DKIM signed and regardless of DMARC,
because it authenticates envelope address. As an example, NDR/MDN may
not be generated to envelope address which is not SPF authenticated, we
actually use this ru
On 2/23/2019 1:07 PM, Kurt Andersen (b) wrote:
With the growth of huge platforms that emit mail from the same common set
of IPs (such as GSuite, O365, or large ESPs), regular SPF "include" ends up
granting a DMARC pass to a lot more potential authors than most
organizations would necessarily choo
Kurt
This is pretty interesting. I've been assisting several teams as we have
been (very) slow rolling the DMARC policy out of reporting through
quarantine into reject. They been pulling all the disparate teams into
deploying DKIM, but I was pointing out they have been guessing on who is
using DK
With the growth of huge platforms that emit mail from the same common set
of IPs (such as GSuite, O365, or large ESPs), regular SPF "include" ends up
granting a DMARC pass to a lot more potential authors than most
organizations would necessarily choose to grant.
Instead of using the standard "(+)i