In article <ef057e0c-391b-5846-4d81-b0863c7cc...@tana.it>, Alessandro Vesely via dmarc-discuss <ves...@tana.it> wrote:
>I'd favor domain.INVALID. Its only defect originates from a dubious
>reject-on-nxdomain advocacy, which would require to use domains with wildcard
>records (e.g. domain.REMOVE.DMARC.TRAILING.PARTS).

I did INVALID for a while and it was a really bad idea. Header addresses in a non-existent domain are a strong spam signal.

I do wildcard *.dmarc.fail addresses and they work fine. My mail server knows what's been rewritten recently and rejects everything else.

>I agree it doesn't sound safe. Even if it's only a few days, it looks amenable
>to attacks.

Having done dmarc.fail rewrites for several years, my actual experience is that it works fine. The IETF does more or less the same thing, and it works fine. Can you be more explicit what sort of attacks you expect, keeping in mind that they haven't happened yet?
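
The scheme described in the message above (rewrite into a wildcard domain, accept mail only for addresses rewritten recently), sketched as an added example that is not part of the original message and is not the poster's server code. The local@original-domain.dmarc.fail address layout, the 7-day window, the RewriteTable name and the 250/550 return codes are assumptions made for illustration.

```python
import time

SUFFIX = ".dmarc.fail"      # wildcard domain named in the message
WINDOW = 7 * 24 * 3600      # assumed retention; the thread only says "a few days"

class RewriteTable:
    """Remembers rewritten From: addresses and gates inbound recipients on them."""

    def __init__(self, window=WINDOW):
        self.window = window
        self._seen = {}     # lowercased rewritten address -> (original, last rewrite time)

    def rewrite(self, addr, now=None):
        """Return the header address under SUFFIX and record when it was issued."""
        now = time.time() if now is None else now
        local, sep, domain = addr.strip().rpartition("@")
        domain = domain.lower().rstrip(".")
        if domain.endswith(SUFFIX):            # already rewritten: unwrap, never nest
            domain = domain[: -len(SUFFIX)]
        if not (sep and local and domain):
            raise ValueError(f"not an address: {addr!r}")
        original = f"{local}@{domain}"
        rewritten = f"{local}@{domain}{SUFFIX}"
        self._seen[rewritten.lower()] = (original, now)   # refreshes the timestamp
        return rewritten

    def rcpt_check(self, rcpt, now=None):
        """Return (250, original) for a recently issued address, else (550, None)."""
        now = time.time() if now is None else now
        key = rcpt.strip().lower()
        entry = self._seen.get(key)
        if entry is None:
            return (550, None)                 # never issued by this server: reject
        original, stamp = entry
        if now - stamp > self.window:
            del self._seen[key]                # issued too long ago: forget and reject
            return (550, None)
        return (250, original)                 # forward to the real mailbox

if __name__ == "__main__":
    table = RewriteTable()
    addr = table.rewrite("alice@example.com")            # constructed sample address
    print(addr, table.rcpt_check(addr))
    print(table.rcpt_check("guess@example.com.dmarc.fail"))
```

Because the wildcard makes every name under the suffix resolve, the table is what keeps guessed or stale recipients from being accepted.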