is deferred evaluation of SPF / DKIM possible?

[rjbs]

Sometimes, we don't care about SPF or DKIM results if there's no DMARC policy to instruct on their use. It seems that we always need to do the SPF and DKIM checks before checking DMARC, which can result in quite a few unneeded DNS queries.

Is there a way to defer those checks until the DMARC policy makes it clear that one of more of them is needed?

If not, would you be receptive to a change to allow it? One possible implementation would allow the passing of a callback for spf and dkim, to be used to lazily populate the attributes as needed.

[msimerson]

No such deferral options exists today.

Sometimes, we don't care about SPF or DKIM results if there's no DMARC policy

That's a way of using DMARC I hadn't considered.

My MTAs (Haraka and legacy Qpsmtpd) have plugin architectures and I always run SPF (during HELO and MAIL FROM verbs) early in the SMTP conversation. After DATA (assuming the connection survives that long) I run the DKIM plugin so I have both answers "in hand" before the DMARC plugin runs. But if DMARC is the reason to get that information, it's a perfectly reasonable argument.

I am receptive to a PR that implements this.