On 4/29/15 12:09 AM, Stephen J. Turnbull wrote:
> Franck Martin writes:
>
>  > I think we should refrain from blaming anything or anyone.
>
> I think that there is no solution attractive to email users possible
> without naming names.
>
> AFAIK[1], it is a fact that the problems that have made "DMARC" a
> four-letter word across the Internet are almost entirely due to the
> unilateral decisions to publish "p=reject" by *two* domains.  Call
> that "blaming" if you like, but that fact matters because any *good*
> mitigation[2] involves their participation.
>
> The only alternative I can see to participation by those specific
> domains (and any domains producing similar mailflows that may publish
> p=reject in the future) is a general agreement among DMARC receivers
> to treat "p=reject" as purely advisory (say, -2 spam points if
> alignment is verified in SpamAssassin).  I know you don't like that
> weakening of the protocol, and I don't think it's a good idea, either.
> DMARC is a great protocol for direct mail streams, proven in practice.
Dear Stephen,

An update of the Dmarc-Escape draft attempts to unbury what
should be a workable solution.  Once DMARC libraries are
updated to support an addition that includes a requested
policy of "public", the cooperation of problematic domains
should quickly become a minor concern.  Domains making
misleading assertions regarding their email alignment
practices, especially in regard to exchanges involving
public email, would only require a small override to be
imposed where an inappropriate "reject" becomes "public".
In that case, the Domain Owner wishes for Mail Receivers to
reject email that fails a modified DMARC alignment mechanism
check that will now include the Sender header field or the first
email address in a multiple From header field.  Failure can
only result in Quarantine, thereby making DMARC far more
compatible with SMTP while also better ensuring against
misleading policy assertions and undetected phishing.

Domain reputation remains an effective tool when narrowed to
specific criteria.  The current situation, where the Author
identity of a message is being munged, is neither sustainable nor safe.

https://tools.ietf.org/html/draft-otis-dmarc-escape-02

Regards,
Douglas Otis

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
