Post by Dotzero
….ed to bolstering and clarifying existing policies.
It is not simply a confusing repitition of available policies
Alessandro. There are several key differences. that are important. 1)
DMARC introduces the concept of alignment for SPF and DKIM 2) DMARC
policy only comes into effect when a message fails both (aligned) SPF
and DKIM. This provides additional robustness that is not available
when looking at ONLY SPF or DKIM.
It also means that mailing lists like this break SPF+DMARC, whereas they actually pass SPF alone. Which is a great shame, since most DKIM breakage occurs on lists like this (not this one, though).
So, without DMARC, and assuming full deployment of SPF and DKIM, recipient MTAs can do domain based reputation assignment based on either DKIM or SPF.
DMARC complicates that by insisting that the RFC5322.FROM header address being validated, on the basis that the FROM header is exposed to the end recipient, which is just not true for users of many modern mail clients (Apple Mail, Outlook, OWA, Gmail web access, Thunderbird, etc). All they expose (by default) is the description part, where it exists, the address otherwise.
And it gets worse: RFC 6854 proposes to permit group formats in From headers, so they can contain things like "undisclosed sender":; without an email address to check for alignment.
Postmaster, University of Sussex
+44 (0) 1273 87-3148