DKIM, SPF and DMARC are in reality not very wide implemented, but the thing is many biggies in the tech scene implemented them, so that millions of mail adresses are now being affected by them.
The thing is, anyone can sign his emails with DKIM. This only tells that he's able to do it, it doesn't tell anything about if it is Spam or not. In fact, many spammers were the first to sigh their mails with it.
DKIM is only a mechanism to make sure the sending domain is not being forged, nothing more, nothing less. DKIM alone is harmless. You can tell your milter what to do with such mails, if you want to.
The next thing is SPF or Sender Policy Framework. This in short allows administrators to setup an IP or bunch of hosts as official mail exchanges, so that you can tell your MTA to discard mails which do not originate in such stuff.
Problem is, for example, web based recommendation formulars, in which you enter your mail adress - broken. Using other MTAs on the road - broken. Forwarding/bouncing mails - might also be broken.
DMARC then is the top of the former two, because the reason of this standard is the ability to provide a policy what other MTAs should do if either a) DKIM or b) SPF or both do fail at the same time.
DMARC is not a way to get less spam, it is only a way to be able to reduce the abuse of your own domain with spam.
And it does break quite much legitimate use cases of email, so it is a bad idea.
Slashdot Mirror
DKIM, SPF and DMARC are in reality not very wide implemented, but the thing is many biggies in the tech scene implemented them, so that millions of mail adresses are now being affected by them. The thing is, anyone can sign his emails with DKIM. This only tells that he's able to do it, it doesn't tell anything about if it is Spam or not. In fact, many spammers were the first to sigh their mails with it. DKIM is only a mechanism to make sure the sending domain is not being forged, nothing more, nothing less. DKIM alone is harmless. You can tell your milter what to do with such mails, if you want to. The next thing is SPF or Sender Policy Framework. This in short allows administrators to setup an IP or bunch of hosts as official mail exchanges, so that you can tell your MTA to discard mails which do not originate in such stuff. Problem is, for example, web based recommendation formulars, in which you enter your mail adress - broken. Using other MTAs on the road - broken. Forwarding/bouncing mails - might also be broken. DMARC then is the top of the former two, because the reason of this standard is the ability to provide a policy what other MTAs should do if either a) DKIM or b) SPF or both do fail at the same time. DMARC is not a way to get less spam, it is only a way to be able to reduce the abuse of your own domain with spam. And it does break quite much legitimate use cases of email, so it is a bad idea.