Le 08/02/2024 à 11:56, Cyril - ImprovMX via mailop a écrit :
This is an interesting topic (I'm running an email forwarding service
so...).
Please correct me if I'm wrong but I think it's not entirely that bad.
First, I agree with Jarland that ARC doesn't fixes anything, it only
gives more power to those who already have too much.
But forwarding an email from a domain that have DMARC enabled (with a
policy different than "none") could still work if the sender signed
their email with DKIM. Isn't it correct?
In order for DMARC to be valid, you need at least SPF OR DKIM to PASS,
but also have domain alignment between the From header and either the
SPF sending domain, or the DKIM signing domain.
When forwarding, you break SPF as you are probably not on the list of
authorized sending servers, but if the DKIM alignment and validity is
there in the beginning, the email should still pass DMARC.
The only case where email forwarding is in trouble is for senders
enabling DMARC without sending DKIM-signed emails.
Am I missing something?
No, I agree with you (I’m running two forwarders that have no issues so
far). And having a DMARC enforcing policy without DKIM is a bad idea.
I would have wished that DMARC would require both SPF and DKIM, but now
it is too late for that. Hopefully they are not a lot of domain that do
DMARC without DKIM.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
