Can't practically require both SPF and DKIM with DMARC anyways. Doing so would also be dumb as it would break forwarding (even when DKIM would otherwise remain intact).

Deprecating SPF would do everyone a favour though. Especially for reasons like these.

▲

neuronflux 5 days ago | parent [-]

SPF alignment ensures the MAIL FROM domain matches the From header. DKIM alignment ensures the From header matches the domain in the DKIM signature header. In the DMARC policy, you can set both adkim=s and aspf=s.

Google owns and manages all of this, so they can send emails with a google.com MAIL FROM, a google.com header, and signed with a google.com DKIM key. And they could do likewise with gmail.com emails.

I'm not clear on why this isn't practical, perhaps there is something I'm missing though? I would appreciate your viewpoint.

Edit: I see you added a point about forwarding.

	▲	Avamander 5 days ago \| parent [-]
		DMARC specifies that SPF alignment is checked for the domain in the MIME From. The domains in SMTP and MIME From do not have to be the same (nor both align). Your MTA can still check alignment for both HELO and SMTP From as specified by SPF's RFC(s) though and spam filters often do for extra information/signal. DMARC's adkim/aspf aren't basically supported in practice. Nor they should be. For reasons already mentioned, as you already read.