Re: [dmarc-ietf] [ietf-dkim] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts

[Hector Santos <hsantos@isdg.net>]

On 11/17/2016 9:34 AM, MH Michael Hammer (5304) wrote:

>>
>> For exclusive policies (SPF -ALL), you really don't need DKIM, DMARC or ARC
>> for that matter since the receiver (at least ours) will never accept the payload
>> anyway, i.e. it never gets to the SMTP "DATA"
>> state.  SPF does not require you to accept the mail for the hard reject policy
>> (-ALL).
>>
>
> Hector, the reality is that most mailbox providers do not reject on SPF -all because so many senders don't understand what they are "saying" with -all and the mailbox providers are the ones who get the complaints about mail not getting delivered. THAT is reality.
>

Is "MOST" 100%, 90%, 80%, 70%, 51%?  The fact is there are receivers 
that do reject on -ALL. Its doesn't matter if its 1%.  The specs has 
always allowed to be done and it is done.  That's the reality. All 
systems need to be ready to handle that situation.  The payload isn't 
even transferred. In the 13 years implementing it, I can't even recall 
one false positive. Another point is that many domains have switched 
their early SoftFail or Neutral setup to Hardfail for the primary 
purpose of rejection despite how a receiver will actually do 
rejection.  A good majority of high value domains are Hard Fails and 
have been for a number of years.  I just don't buy that the notion 
that senders don't know what they are doing.

In any case, my main point is that if you use SPF -ALL, you can bypass 
lots of unnecessary overhead processing in DKIM/DMARC or any related 
payload technology.

-- 
HLS