Comment by throw0101c
1 month ago
Related: there are known problems with DKIM, and there's a DKIM2 effort:
* https://datatracker.ietf.org/doc/draft-gondwana-dkim2-motiva...
* https://datatracker.ietf.org/wg/dkim/about/
* https://blog.redsift.com/email/dkim/first-look-at-dkim2-the-...
The recently-held IETF 122 had a session on it:
I'd also like to see an update to DMARC so you can require both SPF and DKIM in your policy, instead of just one out of the two.
Terrible idea, SPF is very hostile to (legitimate) forwarding. In general SPF should actually die.
If you have trusted forwarders, you just add them to the SPF policy (which can be recursive, though there is a pretty low limit on how many records can be looked up). I've not had an issue with this, personally. However, assuming DKIM can be tightened up as proposed above, I'm not sure SPF would be necessary anymore.
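The lookup limit mentioned in the last comment is 10 DNS-querying terms per SPF evaluation (RFC 7208, section 4.6.4). The sketch below is an added example, not part of any commenter's post: it counts those terms recursively to show how adding forwarders via `include:` can push a policy over the limit. The zone data and every domain name in it are constructed.

```python
import re

SPF_LOOKUP_LIMIT = 10  # RFC 7208, section 4.6.4
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}

# Constructed sample TXT records (hypothetical domains, documentation IP ranges).
ZONE = {
    "example.org": "v=spf1 mx include:_spf.mailhost.example "
                   "include:fwd1.example include:fwd2.example -all",
    "_spf.mailhost.example": "v=spf1 include:_a.mailhost.example "
                             "include:_b.mailhost.example ~all",
    "_a.mailhost.example": "v=spf1 ip4:192.0.2.0/24 a mx ~all",
    "_b.mailhost.example": "v=spf1 ip4:198.51.100.0/24 exists:%{i}.rbl.example ~all",
    "fwd1.example": "v=spf1 a mx include:_out.fwd1.example ~all",
    "_out.fwd1.example": "v=spf1 ip4:203.0.113.0/25 ~all",
    "fwd2.example": "v=spf1 ip4:203.0.113.128/25 ~all",
}

def count_lookups(domain, zone, ancestors=frozenset()):
    """Worst-case count of DNS-querying terms reachable from domain's record.

    A real evaluator stops at the first matching mechanism, so this is an
    upper bound: the number a non-matching sender would trigger.
    """
    if domain in ancestors:
        raise ValueError(f"SPF include loop at {domain}")
    record = zone.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        raise LookupError(f"no SPF record for {domain}")
    total = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?").lower()
        if term.startswith("redirect="):
            target = term.split("=", 1)[1]
        else:
            name = re.split(r"[:/]", term, maxsplit=1)[0]
            if name not in LOOKUP_MECHANISMS:
                continue  # ip4, ip6, all and exp= do not count toward the limit
            target = term.split(":", 1)[1] if name == "include" else None
        total += 1
        if target is not None:  # include/redirect pull in another record
            total += count_lookups(target, zone, ancestors | {domain})
    return total

def over_limit(domain, zone=ZONE):
    """True when a receiver would return permerror for too many lookups."""
    return count_lookups(domain, zone) > SPF_LOOKUP_LIMIT

if __name__ == "__main__":
    n = count_lookups("example.org", ZONE)
    print(f"example.org: {n} lookups, over limit: {n > SPF_LOOKUP_LIMIT}")
```
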