Murray S. Kucherawy writes:
> > DMARC change is even more off the table than MLM software change
> > (which does, as you suggest, evolve over time).
>
> Are there changes people want to make?
I am of the opinion that the technical DMARC protocols (including
"p=reject") are fine. I have not heard of any complaint about use by
banks (Bank of America joined the ranks of "p=reject" banks some time
in the last 10 days AFAICT). Have there been any? I'm sure that the
probability of technical bugs in the protocols remaining is not zero,
but I imagine they'll be fixed as discovered.
I believe that is also the opinion of the Mailman developers
(specifically, they've seen a document where I expressed a similar
opinion and generally expressed approval of the document as a whole).
The issue is use of "p=reject" by ESPs whose users think they can send
mail to anywhere they want. I would like the logical consequences of
unilateral publication of "p=reject" without prior arrangement with
*all* possible relays spelled out. Something like:
Publishing a DMARC policy including "p=reject" has the following
consequences. Users who attempt to
1. post to a mailing list
2. use QuickBooks
3. send content to a friend from the Wall Street Journal
etc, etc
may find their message bounces or is silently discarded. This is
expected according to the DMARC specification when faithfully
implemented, even when all services in all domains are functioning
normally and in conformance to all relevant Internet standards.
ESPs SHOULD notify their users of these consequences at the time
of publishing a policy including "p=reject".
N.B. I haven't discussed this with the Mailman community, but I
suspect they would approve. As a technical specification of what the
ESP refuses to fully support by publishing "p=reject", I think the
list Franck Martin posted is a pretty good start.
To ESPs who object, "But that's not what we meant!" I reply, "I know.
But Code is Law, everything else is cheap talk. Those are the results
*your* protocol and *your* policy say *your* users should expect. Why
don't you want to tell them about it? After all, you're doing it for
them. Your users will undoubtedly be overjoyed to discover how hard
you are fighting spam on their behalf, right?"
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
