On 12/30/22 13:45, Polarian wrote:
Hello,
I guess this is a good idea, however this means you can not have a
strict DMARC record like I do now, thus you need to setup the DMARC
record to accept pass of either spf or dkim.
However, having valid spf does not instantly mean your emails will not
be spammed, dkim takes higher priority, so if you have a strict DMARC
record and include lists.archlinux.org in your spf record, it will still
be impossible for them to send emails as you, as they will not be able
to pass the dkim check and will fail the dmarc validation, and thus will
be (most likely) spammed!
Thank you,
Polarian
Are you quite sure that strict DMARC requires dkim?
Maybe it's more about how the domain (or subdomain) is treated for
establishing alignment when comparing with the signing domain name.
May be worth double checking that your thesis that an unsigned mail
which is SPF valid and SPF aligned will fail DMARC as you suggest above.
gene
