Re: Opendkim on-(error) configs for production systems?

Date: Wed, 22 Jun 2016 07:30:46 -0700

According to

        Domain-based Message Authentication, Reporting, and Conformance (DMARC)

                "If the set produced by the mechanism above contains no DMARC policy
                record (i.e., any indication that there is no such record as opposed
                to a transient DNS error), Mail Receivers SHOULD NOT apply the DMARC
                mechanism to the message."

IIUC, this means that if

        SPF policy checks+tags, but no action
        DKIM policy checks+tags, but no action
        DMARC consumes SPF + DKIM results, checks+tags, acts

then, if NO DMARC policy exists for an inbound sender's mail, SPF & DKIM failures remain UN-acted on.

I.e., in that^ case, the SPF & DKIM could BOTH fail, but the message would be passed because there's NO DMARC policy.

Unless I've misunderstood that RFC, this is clearly not a useful scenario in a real world where many still have no DMARC record/policy published.
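The gap described in the message above, as an added example that is not part of the original post: a Python check that models the "SPF and DKIM tag only, DMARC acts" setup over Authentication-Results headers and lists the messages that are accepted although both SPF and DKIM failed. The sample headers, the function names, the `(p=...)` comment format and the choice to defer on `temperror` are assumptions made for this illustration.

```python
import re

# Constructed Authentication-Results values (not taken from the thread).
SAMPLE_HEADERS = [
    "mx.example.net; spf=fail smtp.mailfrom=a.example; "
    "dkim=fail header.d=a.example; dmarc=none header.from=a.example",
    "mx.example.net; spf=fail smtp.mailfrom=b.example; "
    "dkim=fail header.d=b.example; dmarc=fail (p=reject) header.from=b.example",
    "mx.example.net; spf=pass smtp.mailfrom=c.example; "
    "dkim=none; dmarc=none header.from=c.example",
    "mx.example.net; spf=fail smtp.mailfrom=d.example; "
    "dkim=fail header.d=d.example; dmarc=temperror header.from=d.example",
]

METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
POLICY_RE = re.compile(r"\bp=(\w+)")  # assumed "(p=...)" comment from the DMARC filter


def parse_results(header):
    """Return the spf/dkim/dmarc results and the published policy, if any.
    With several DKIM signatures only the last result is kept."""
    results = {method: result.lower() for method, result in METHOD_RE.findall(header)}
    policy = POLICY_RE.search(header)
    results["policy"] = policy.group(1).lower() if policy else None
    return results


def disposition(res):
    """SPF and DKIM only tag; the DMARC stage is the only one that acts."""
    dmarc = res.get("dmarc", "none")
    if dmarc == "temperror":
        return "tempfail"  # assumption: defer on a transient DNS error
    if dmarc == "fail" and res["policy"] in ("reject", "quarantine"):
        return res["policy"]
    return "accept"  # pass, p=none, or no DMARC record published


def unacted_failures(headers):
    """Headers of messages accepted even though SPF and DKIM both failed."""
    hits = []
    for header in headers:
        res = parse_results(header)
        both_failed = res.get("spf") == "fail" and res.get("dkim") == "fail"
        if both_failed and disposition(res) == "accept":
            hits.append(header)
    return hits


if __name__ == "__main__":
    for header in unacted_failures(SAMPLE_HEADERS):
        print("accepted with SPF+DKIM fail:", header)
```
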

