On 6/4/20 8:34 PM, Brandon Applegate wrote:
> I too just noticed an email come in today (From: domain canonical.com)
> that failed DMARC on my server. I'm scratching my head as to why there
> is a DMARC record for canonical.com but no SPF or DKIM. DMARC is of
> course SPF OR DKIM (and that's an oversimplification as well, but...).
> So publishing a DMARC record without no SPF and no DKIM doesn't make any
> sense to me - it's guaranteed to fail every time (and yes I see there is
> a p=none in the policy which is why I accepted the mail...).
After staring at RFC7489 and particularly https://tools.ietf.org/html/rfc7489#section-6.6.2, it seems that one
cannot obtain a fail in the absence of both an SPF declaration and a
DKIM-signed message. However, I will defer to any superior alien
intelligence which can provide a bible to thump regarding "absence of
pass is fail" as opposed to "lack of both SPF and DKIM precludes
pass/fail evaluation".
On 6/4/20 8:34 PM, Brandon Applegate wrote:
> I too just noticed an email come in today (From: domain canonical.com)
> that failed DMARC on my server. I'm scratching my head as to why there
> is a DMARC record for canonical.com but no SPF or DKIM. DMARC is of
> course SPF OR DKIM (and that's an oversimplification as well, but...).
> So publishing a DMARC record without no SPF and no DKIM doesn't make any
> sense to me - it's guaranteed to fail every time (and yes I see there is
> a p=none in the policy which is why I accepted the mail...).
After staring at RFC7489 and particularly /tools. ietf.org/ html/rfc7489# section- 6.6.2, it seems that one
https:/
cannot obtain a fail in the absence of both an SPF declaration and a
DKIM-signed message. However, I will defer to any superior alien
intelligence which can provide a bible to thump regarding "absence of
pass is fail" as opposed to "lack of both SPF and DKIM precludes
pass/fail evaluation".