On 5/25/25 8:42 AM, Tom Ivar Helbekkmo wrote:
Michael Thomas via NANOG <nanog@lists.nanog.org> writes:
It's never been especially clear to me why [SPF and DKIM] needed to be unified -- [...] SPF had its own policy mechanism, DKIM its own too (ADSP nee SSP). Why DMARC is "better" is still pretty much a mystery, and my suspicion is it's mainly politics. The way I see it, you can't have both without something that lets each do its evaluation, and then uses those results as input to a final decision. If you just put both of them in there, as independent agents, you'll get e.g. SPF rejecting a forwarded email, and never letting DKIM verify that it is, in fact, genuine.
My position is that what could actually be helpful is a BCP which describes the entire ecosystem and what MTA's and potentially other things in the mail delivery path ought to either be doing, or cognizant of. I have long thought that the concept of a "well behaved mailing list" might be useful to assist with an admittedly imperfect situation. But it might be nice to give advice for receivers (and that would be *extremely* helpful if big mailbox providers were more forthcoming... alas). Beyond that, I really don't see what DMARC has brought to the table beyond 10 years of argument and... irrelevance in many ways. Mike