On Mon 19/Jun/2023 20:42:28 +0200 Patrick Ben Koetter wrote:
The number of IP addresses in SPF-Records published by VLMPs foils the idea of "a controlled and limited number of host allowed to send on behalf of a senderdomain". Given the (internal routing) challenges you face when you try to publish a limited, dedicated IP range per tenant only, I do not see the current problem we have with SPF, when it comes to use SPF as identity anchor for email authentication, go away in the future.
On the other hand, there are domains whose mail is sent from a small number of IPs, exclusively used by such domain's dedicated servers. SPF works very well in those cases.
I'm well aware that the global tendency is to outsource anything IT, including mail. However, I'd continue to support independent sending, avoiding to burn bridges behind us. Gmail security team's proposal, to express allowed authentication mechanisms as a policy provides for the best possibilities. We can do it also without a version bump.
Best Ale -- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
