
The DMARC requirement only applies to senders who send at least 5000 e-mails per day to Gmail recipients.

I'm not a fan of DMARC. SPF and DKIM already do their job well enough. Then people add DMARC with "p=none" just to tick their "have DMARC" box. Even Google suggests a policy of "none" is OK, but doesn't mention that this means SPF and DKIM will be ignored.



SPF and DKIM are not enough to harden email. Email can still be spoofed through a loophole in both specs.

See https://www.nslookup.io/learning/dmarc-a-practical-guide/


Which loophole? I didn't see it mentioned in the article.

And this quote is not correct:

> Note that an email doesn't need to pass both DKIM and SPF. Just one is enough to validate an email.

Unless it was said in regards to DMARC, it usually depends on the mail filter of the receiver. If it was said in regards to DMARC then it's just another point why DMARC is bad.


That 5000 email/day limit should prevent most small business/personal servers from being affected...



