1

I've googled around and even tried to find the answer in the RFC to this one.

For this question, let's assume DKIM will always fail and leave it out of the picture.

If the DMARC policy is p=reject and the SPF is configured to SoftFail (~all), should the recipient reject the message in the event of a SoftFail?

Or should p=reject only reject the message in the event of a HardFail.

Juicy
  • 169
  • 5
  • There are no hard and fast rules. Read RFC 7208 section 8. – Michael Hampton Dec 03 '18 at 01:38
  • The question is if there is a relation between the type of fail resulting from the SPF check. There is not. Only a `Pass` result will negate the `p=reject` DMARC policy. That said, indeed, there are no hard and fast rules on how to treat hard and soft fail results for SPF in itself. The RFC states on [Hard] Fail, section 8.4: "Disposition of SPF fail messages is a matter of local policy." – Reinto Dec 31 '18 at 14:55

1 Answers1

2

For DMARC to pass, either SPF or DKIM needs to pass and you have neither therefore the DMARC policy will be reject.

ChrisBint
  • 131
  • 1
  • 1
  • 5
  • This is exactly right. Assuming DKIM will not result in a `PASS`, any other result than a `PASS` on SPF will trigger a Reject from DMARC perspective. This holds true for `PermError`, `Neutral`, `Soft Fail`, `Hard Fail`, or absence of an SPF record. – Reinto Dec 31 '18 at 14:42