On Tue, Mar 15, 2016 at 6:43 AM, Rolf E. Sonneveld < r.e.sonnev...@sonnection.nl> wrote:
> >> On Mar 14, 2016, at 11:28 PM, Kouji Okada <o...@lepidum.co.jp> wrote: > >> > >> We have submitted a draft about DMARC default verification > >> for domains not publishing DMARC records. > >> Any comments will be appreciated. > > > > Summary: If a domain does not opt-in to using DMARC, treat the domain > > as though it had opted-in to using DMARC with "p=none adkim=s aspf=s". > > Once that's deployed, change it to "p=reject adkim=s aspf=s". Possibly > > do "p=quarantine" between the two. > > > > There are multiple problems with this suggestion. > > > > Firstly, DMARC is an opt-in protocol for good reason. > <elided> > > > > In none of those phases does your draft add any value. If a receiver > wants to > > pay attention to > > whether mail is authenticated or not it can already do so, and it can do > so much > > more effectively than any approach that requires strict DMARC style > alignment. > > Well said, +1. At the risk of piling on, but feeling the need to have an assertive "hum" on the topic, I think that Steve Atkin's critiques are spot on. A receiver may reject mail for any reason that they so choose (subject to whatever jurisdictional rules and regulations they operate under), but calling it DMARC or "inferred DMARC" is abusing the term to no good effect. --Kurt
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
