Why use DMARC when SPF -all can do the job?

Gordo2019 asked:

With DMARC I can set the policy to rejct mail.
But isn’t it the same I can do with -all from within a SPF?

Same goes for quarantine and a softfail ~all.

Beside the reporting where is the benefit using DMARC on top of SPF?

My answer:


SPF only specifies which addresses are authorized to send mail for your domain. It is up to the recipient to decide what to do with that information.

DMARC allows you to indicate exactly what actions you would like recipients to take when the SPF check fails.

These are not redundant, but complementary.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.