Learning about how SPF/DMARC work right now. What I don't see a lot of the articles covering is what happens if there is no published SPF record for the domain. From what I can see most mail servers count that as a pass and let the email through. If the domain has no SPF record, but does have a DMARC record, would it count as a DMARC pass?
Asked
Active
Viewed 275 times
1 Answers
4
A DMARC pass requires that there is either a valid and aligned DKIM signature OR an a SPF check which returned Pass and which has an aligned claimed sender.
This means, that if there is a valid and aligned DKIM signature the result of SPF does not matter at all, i.e. it will return DMARC pass no matter what the result from SPF is, which includes the cases where the domain does not have an SPF policy at all.
If instead there is no valid and aligned DKIM signature then the DMARC result fully depends on the SPF result, i.e. a DMARC pass will only happen if there is an SPF Pass with an aligned claimed sender. If there is no SPF policy on the domain the SPF result is None, which means that it is not Pass and thus the DMARC cannot be pass either.
Steffen Ullrich
- 184,332
- 29
- 363
- 424