ietf-wg-dmarc / draft-ietf-dmarc-dmarcbis


DMARCbis WGLC: What To Say About DMARC Evaluation and SPF Records Ending in -all #141

Closed toddherr closed 4 months ago

toddherr commented 5 months ago

The thread spawned by the post referenced in Issue 140 included lots of discussion about SPF records ending in -all and how honoring them means that DMARC never gets evaluated.

Add some discussion in the appropriate place, and maybe reference the following two M3AAWG documents:

  1. Managing SPF Records
  2. Email Authentication Recommended Best Practices

toddherr commented 5 months ago

See also the "SPF Follies" thread on the mailing list

toddherr commented 4 months ago

Updating second paragraph of "Issues Specific to SPF" to read:

Some Mail Receiver architectures might implement SPF in advance of any DMARC operations. This means that a SPF hard fail ("-") prefix on a sender's SPF mechanism, such as "-all", could cause a message to be rejected early in the SMTP transaction, before any DMARC processing takes place, if the message fails SPF validation checks. Domain Owners choosing to use "-all" to terminate SPF records should be aware of this, and should understand that messages that might otherwise pass DMARC due to an aligned DKIM pass could be rejected solely due to an SPF fail. Domain Owners and Mail Receivers can consult the following two documents for more discussion of the topic:

  1. M3AAWG Best Practices for Managing SPF Records
  2. M3AAWG Email Authentication Recommended Best Practices
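
The ordering effect described in the updated paragraph, as an added example that is not part of this issue or of the draft: two hypothetical receiver pipelines handle the same constructed message, one enforcing SPF before DMARC and one combining SPF and DKIM results in a DMARC evaluation. All function names, the sample message, and the two-label shortcut for the Organizational Domain are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Message:
    from_domain: str   # RFC5322.From domain, the identifier DMARC checks
    spf_domain: str    # RFC5321.MailFrom domain that SPF validated
    spf_result: str    # "pass", "fail" (the "-" hard fail), "softfail", "none"
    dkim_domain: str   # d= domain of the DKIM signature
    dkim_result: str   # "pass", "fail", "none"

def org_domain(domain: str) -> str:
    # Assumption: the last two labels stand in for the Organizational Domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str) -> bool:
    # Relaxed alignment: both names share an Organizational Domain.
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_pass(m: Message) -> bool:
    # DMARC passes when either mechanism passes with an aligned identifier.
    spf_ok = m.spf_result == "pass" and aligned(m.spf_domain, m.from_domain)
    dkim_ok = m.dkim_result == "pass" and aligned(m.dkim_domain, m.from_domain)
    return spf_ok or dkim_ok

def dmarc_receiver(m: Message) -> str:
    # SPF and DKIM results are both collected, then DMARC decides.
    return "dmarc pass" if dmarc_pass(m) else "dmarc fail: apply policy"

def spf_first_receiver(m: Message) -> str:
    # SPF is enforced early in the SMTP transaction: a hard fail ends it
    # before the DKIM signature is ever verified.
    if m.spf_result == "fail":
        return "rejected: SPF hard fail, DMARC not evaluated"
    return dmarc_receiver(m)

# Constructed sample: SPF hard fail against a "-all" record, aligned DKIM pass.
SAMPLE = Message(
    from_domain="example.com",
    spf_domain="bounce.example.com", spf_result="fail",
    dkim_domain="mail.example.com", dkim_result="pass",
)

if __name__ == "__main__":
    print("SPF-first receiver:", spf_first_receiver(SAMPLE))
    print("DMARC receiver:    ", dmarc_receiver(SAMPLE))
```
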