Hi there,

[Cutting out a lot of cc:s to try to keep the noise level down.]
On Thu, 28 Nov 2024, Stephen Farrell wrote:
... domain owner/sender could indicate via DMARC to receivers that they think SPF is no longer good enough by itself, in their opinion, for email claiming to be from them (the sender).
I wish I had a Bitcoin for every time I've heard "our SPF record must be OK - it passes". Everyone seems to be looking for a 'pass'. I've always thought that everyone (except me:) gets SPF on its head. In my view you're looking for it to 'fail' (or for some error - lots more of those than you'd think, if you stress-test the SPF records). If then it passes, it doesn't really tell you anything. Move on. I get a heck of a lot of mail from me for example, which I didn't send and which I can cheerfully reject on SPF alone.
Personally, I do think it odd there's no way for a sender to use DMARC to say "I know I still have to publish SPF stuff, so as not to break things, but I'd really prefer you ignore that and depend only on my DKIM stuff if you know how to parse this new bit of a TXT RR for DMARC."
$ dig +short -t txt exp.jubileegroup.co.uk
"The only servers permitted to send mail on behalf of the jubileegroup.co.uk domain are those listed in its SPF record."
$

Surely there must be a way, with what we already have.

--
73,
Ged.
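Added example, not part of the original message or of any project's code: a static "stress test" of a domain's TXT set for conditions that leave receivers at SPF 'permerror', the kind of error the message says turns up more often than expected. The function name, the sample records and the example.test names are constructed; only the top-level record is inspected, so nested includes can add further lookups.

```python
import ipaddress
import re

DNS_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # one lookup each
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9_.-]*)=")

def lint_spf(txt_records):
    """Return reasons a receiver can end up at 'permerror' for this TXT set."""
    spf = [r for r in txt_records if re.match(r"v=spf1( |$)", r, re.I)]
    if not spf:
        return []  # nothing published: the result is 'none', not an error
    if len(spf) > 1:
        return ["more than one v=spf1 record"]
    problems, lookups, seen = [], 0, set()
    for term in spf[0].split()[1:]:
        mod = MODIFIER.match(term)
        if mod:
            name = mod.group(1).lower()
            if name in ("redirect", "exp") and name in seen:
                problems.append(f"modifier {name} given twice")
            seen.add(name)  # other unknown modifiers are ignored by receivers
        else:
            body = term[1:] if term[0] in "+-~?" else term  # drop one qualifier
            name, _, value = body.partition(":")
            name = name.split("/")[0].lower()
            if name not in MECHANISMS:
                problems.append(f"unknown mechanism {term}")
            elif name in ("ip4", "ip6"):
                try:
                    net = ipaddress.ip_network(value, strict=False)
                    if net.version != int(name[2]):
                        raise ValueError("address family mismatch")
                except ValueError:
                    problems.append(f"bad address in {term}")
        lookups += name in DNS_TERMS
    if lookups > 10:
        problems.append(f"{lookups} DNS-querying terms, limit is 10")
    return problems

SAMPLES = {  # constructed records, not taken from any real domain
    "ok": ["site-verification=abc123",
           "v=spf1 ip4:192.0.2.0/24 mx -all exp=exp.example.test"],
    "dup": ["v=spf1 mx -all", "v=spf1 include:_spf.example.test ~all"],
    "typo": ["v=spf1 ipv4:192.0.2.1 -all"],
    "heavy": ["v=spf1 " + " ".join(f"include:s{i}.example.test"
                                   for i in range(11)) + " -all"],
}
```
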
