Re: [dmarc-ietf] DMARC2 & SPF Dependency Removal

Ken Simpson <ksimpson@mailchannels.com> Sun, 18 June 2023 21:07 UTC

From: Ken Simpson <ksimpson@mailchannels.com>
Date: Sun, 18 Jun 2023 14:06:59 -0700
Message-ID: <CAEYhs4E=nrXsnTRNjCmC1yD-8HrKi0GLCdri5WjDHBvFubKHjw@mail.gmail.com>
To: Douglas Foster <dougfoster.emailstandards@gmail.com>
Cc: Jan Dušátko <jan=40dusatko.org@dmarc.ietf.org>, dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gOcXzkUvEHerw_ZFT6hPsxrK1sk>
Subject: Re: [dmarc-ietf] DMARC2 & SPF Dependency Removal

On Sun, Jun 18, 2023 at 10:56 AM Douglas Foster <dougfoster.emailstandards@gmail.com> wrote:

> I suspect that many domain owners have not considered the possibility of
> using DKIM with SPF NONE.
>
> Then there is the concern about evaluators that understand SPF but do not
> understand DMARC. Do they treat SPF NONE as acceptable or suspicious?
>
> For your situation, Ken, do your clients have the ability to connect their
> web-generated email to a DKIM signing server? If not, do you envision
> providing that service (with SPF AUTH login to ensure clients are kept
> separate from each other)?
>

Most web hosting customers are simple SMBs - think restaurants, small
shops, a car garage, etc. They have no idea what DKIM is, never mind having
access to a DKIM signing server. The hosting provider has to hook up
everything for them and presumably, with enough encouragement, we could
eventually get hosting companies to implement DKIM signing for their
customers. That is not the case today.

Some transactional email providers provide a DKIM signing service with
CNAME-based DKIM key hosting. That's a great concept and we may one day
provide it with an API hook allowing the hosting providers to hook this up
for their clients at scale.

Regards,
Ken

-- 

Ken Simpson

CEO, MailChannels