On 03/24/2015 01:38 PM, J. Gomez wrote:
> I do not agree. As long a major ESPs downgrade p=reject to p=quarantine or
> even p=none on reception of email which fails DMARC checks from domains whose
> Owner has published p=reject, DMARC is little more than a reporting protocol
> as Vlatko Salaj has already said in another post to this list. Which is nice,
> but is not a "success as an implemented technology in the real world" for
> DMARC, because DMARC aims to be more than just a reporting tool.
DMARC is not some declaration of the divine right of domain owners to
exercise absolute control over any message where their domain appears.
DMARC is a protocol that enables domain owners/senders and receivers to
*collaborate* in detecting and eliminating fraudulent messages that
claim to originate from a given domain. There is implicit and explicit
give-and-take in that relationship.
Policy expressions from domain owners ("p=reject") are requests - ones
that are followed in most cases - but no receiver is offering an
unreserved, 100% guarantee that they won't act otherwise when they feel
doing so is in the best interest of their users.
The fact that receivers can and will do what they think best, even in
the face of a given policy request, runs throughout the DMARC specification.
> In fact, I think that if at the end of all this process we cannot find a way
> to make p=reject to be reliably relied on, then p=reject should be suppressed
> from the DMARC formal specification, as p=reject would effectively be equal
> to p=do-whatever-who-cares.
Again, in my experience, receivers do honor policy assertions in an
overwhelming majority of cases.
The reporting mechanisms in DMARC are there to help domain
owners/senders improve the authentication rates of their legitimate
mailflows - so the receivers can block more fraudulent messages, more
reliably. Without the support for so-called "blocking policies," you
have eliminated the reason for receivers to pay for complex, expensive
DMARC filtering and reporting.
--Steve.
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
