Murray S. Kucherawy writes: > > DMARC change is even more off the table than MLM software change > > (which does, as you suggest, evolve over time). > > Are there changes people want to make?
I am of the opinion that the technical DMARC protocols (including "p=reject") are fine. I have not heard of any complaint about use by banks (Bank of America joined the ranks of "p=reject" banks some time in the last 10 days AFAICT). Have there been any? I'm sure that the probability of technical bugs in the protocols remaining is not zero, but I imagine they'll be fixed as discovered. I believe that is also the opinion of the Mailman developers (specifically, they've seen a document where I expressed a similar opinion and generally expressed approval of the document as a whole). The issue is use of "p=reject" by ESPs whose users think they can send mail to anywhere they want. I would like the logical consequences of unilateral publication of "p=reject" without prior arrangement with *all* possible relays spelled out. Something like: Publishing a DMARC policy including "p=reject" has the following consequences. Users who attempt to 1. post to a mailing list 2. use QuickBooks 3. send content to a friend from the Wall Street Journal etc, etc may find their message bounces or is silently discarded. This is expected according to the DMARC specification when faithfully implemented, even when all services in all domains are functioning normally and in conformance to all relevant Internet standards. ESPs SHOULD notify their users of these consequences at the time of publishing a policy including "p=reject". N.B. I haven't discussed this with the Mailman community, but I suspect they would approve. As a technical specification of what the ESP refuses to fully support by publishing "p=reject", I think the list Franck Martin posted is a pretty good start. To ESPs who object, "But that's not what we meant!" I reply, "I know. But Code is Law, everything else is cheap talk. Those are the results *your* protocol and *your* policy say *your* users should expect. Why don't you want to tell them about it? After all, you're doing it for them. Your users will undoubtedly be overjoyed to discover how hard you are fighting spam on their behalf, right?" _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc