According to
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
https://tools.ietf.org/html/rfc7489
"If the set produced by the mechanism above contains no DMARC policy
record (i.e., any indication that there is no such record as opposed
to a transient DNS error), Mail Receivers SHOULD NOT apply the DMARC
mechanism to the message."
Iiuc, this means that if
SPF policy checks+tags, but no action
DKIM policy checks+tags, but no action
DMARC consumes SPF + DKIM results, checks+tags, acts
then if NO DMARC policy exists for an inbound sender's mail, that SPF & DKIM fails remain UN-acted on.
I.e., in that^ case, the SPF & DKIM could BOTH fail, but the message would be passed because there's NO DMARC policy.
Unless I've misunderstood that rfc, this is clearly not a useful scenario in a real-world where still many have no DMARC record/policy published.
Jason
Received on Wed Jun 22 2016 - 14:30:59 PST