On 11/17/2016 9:34 AM, MH Michael Hammer (5304) wrote:
For exclusive policies (SPF -ALL), you really don't need DKIM, DMARC or ARC
for that matter since the receiver (at least ours) will never accept the payload
anyway, i.e. it never gets to the SMTP "DATA"
state. SPF does not require you to accept the mail for the hard reject policy
(-ALL).
Hector, the reality is that most mailbox providers do not reject on SPF -all because so
many senders don't understand what they are "saying" with -all and the mailbox
providers are the ones who get the complaints about mail not getting delivered. THAT is
reality.
Is "MOST" 100%, 90%, 80%, 70%, 51%? The fact is there are receivers
that do reject on -ALL. Its doesn't matter if its 1%. The specs has
always allowed to be done and it is done. That's the reality. All
systems need to be ready to handle that situation. The payload isn't
even transferred. In the 13 years implementing it, I can't even recall
one false positive. Another point is that many domains have switched
their early SoftFail or Neutral setup to Hardfail for the primary
purpose of rejection despite how a receiver will actually do
rejection. A good majority of high value domains are Hard Fails and
have been for a number of years. I just don't buy that the notion
that senders don't know what they are doing.
In any case, my main point is that if you use SPF -ALL, you can bypass
lots of unnecessary overhead processing in DKIM/DMARC or any related
payload technology.
--
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html