Scott Kitterman writes: > Yahoo, for example, already consider the impact of this and other > breakage to be less than the benefit of p=reject.
True, but the benefit of p=reject is huge: Yahoo! claims malicious mailflows of more than a million messages per minute disappeared like magic when they published p=reject. Such a flow surely stressed their systems, and I'm sure they consider the potential for high losses due to contact-list-based phishing to be important, if only for the damage to their reputation that would ensue. > I expect their willingness to invest engineering resources in > further reducing a level of breakage they've already determined is > acceptable will be limited. Of course it's limited. But the only cap I can be sure of is the difference between benefit of p=reject (see above) and cost (1 day of manager-admin meetings to decide to do it, and 15 seconds of admin time to change the DNS record, ie, basically zero). I believe that difference to be orders of magnitude larger than the cost of implementing a dozen delegation protocols, and therefore irrelevant. What matters is the benefit that the p=reject domains perceive to improving service to their mailbox users. I have no information about that. Of course I suspect that the value to them of such improvements is close to nil, but until they actually say that, I'm going to hope. If you have better information about how much they value such improvements, I'd love to hear about it. But I rather doubt you do; the techs surely don't have the authority to say they will do it, and at best a guess of what they need to offer management to get permission, and management won't discuss the value of a bird in the bush (not if they have half a brain amongst them, anyway). _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc