On Thu, Apr 13, 2023 at 12:19 PM Barry Leiba <[email protected]> wrote:
> Maybe just add a sentence to the end of the second paragraph: > > The use of SPF alone, without DKIM, is strongly NOT RECOMMENDED. > > Barry > I think the opposite. Something along the lines of "Sending domains SHOULD implement both SPF and DKIM to minimize breakage and non-delivery of mail. Michael Hammer > > > On Thu, Apr 13, 2023 at 12:04 PM Todd Herr <[email protected]> wrote: > >> On Thu, Apr 13, 2023 at 11:21 AM Barry Leiba <[email protected]> >> wrote: >> >>> > Anyone who does forwarding is damaged by DMARC because there are a lot >>> of >>> > people who do DMARC on the cheap with SPF only. >>> >>> This brings up another issue, I think: that there should also be >>> stronger advice that using DKIM is critical to DMARC reliability, and >>> using SPF only, without DKIM, is strongly NOT RECOMMENDED. >>> >>> I don't disagree. >> >> How do we make the following text stronger? >> 5.5.2. >> <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#section-5.5.2>Configure >> Sending System for DKIM Signing Using an Aligned Domain >> <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#name-configure-sending-system-fo> >> >> While it is possible to secure a DMARC pass verdict based on only one of >> SPF or DKIM, it is commonly accepted best practice to ensure that both >> authentication mechanisms are in place to guard against failure of just one >> of them. >> >> This is particularly important because SPF will always fail in situations >> where mail is sent to a forwarding address offered by a professional >> society, school or other institution, where the address simply relays the >> message to the recipient's current "real" address. Many recipients use such >> addresses and with SPF alone and not DKIM, messages sent to such users will >> always produce DMARC fail. >> <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-27.html#section-5.5.2-2> >> >> The Domain Owner SHOULD choose a DKIM-Signing domain (i.e., the d= >> domain in the DKIM-Signature header) that aligns with the Author Domain. >> >> >> -- >> >> *Todd Herr * | Technical Director, Standards and Ecosystem >> *e:* [email protected] >> *m:* 703.220.4153 >> >> This email and all data transmitted with it contains confidential and/or >> proprietary information intended solely for the use of individual(s) >> authorized to receive it. If you are not an intended and authorized >> recipient you are hereby notified of any use, disclosure, copying or >> distribution of the information included in this transmission is prohibited >> and may be unlawful. Please immediately notify the sender by replying to >> this email and then delete it from your system. >> > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
