Comment 31 for bug 1589693
Revision history for this message
| Scott Kitterman (kitterman) wrote Re: [Bug 1589693] Re: Make Launchpad Bug Emails DMARC Compliant to avoid Launchpad bug mail considered spam | #31 |
On Thursday, June 4, 2020 10:15:45 PM EDT you wrote:
> On 6/4/20 8:34 PM, Brandon Applegate wrote:
> > I too just noticed an email come in today (From: domain canonical.com)
> > that failed DMARC on my server. I'm scratching my head as to why there
> > is a DMARC record for canonical.com but no SPF or DKIM. DMARC is of
> > course SPF OR DKIM (and that's an oversimplification as well, but...).
> > So publishing a DMARC record without no SPF and no DKIM doesn't make any
> > sense to me - it's guaranteed to fail every time (and yes I see there is
> > a p=none in the policy which is why I accepted the mail...).
>
> After staring at RFC7489 and particularly
> https:/
> cannot obtain a fail in the absence of both an SPF declaration and a
> DKIM-signed message. However, I will defer to any superior alien
> intelligence which can provide a bible to thump regarding "absence of
> pass is fail" as opposed to "lack of both SPF and DKIM precludes
> pass/fail evaluation".
From that section:
> DMARC evaluation can only yield a "pass" result after one of the
> underlying authentication mechanisms passes for an aligned
> identifier.
So if a domain does neither SPF nor DKIM, there can't be a pass. DMARC only
has pass and fail.
Regardless, it is not uncommon for domains to publish DMARC records with
p=none in order to collect feedback. Canonical's DMARC record does that.
Scott K