On Sun, 26 May 2019, Dotzero wrote:
Deploying DMARC seems to mean any subset of these:
1a. Publish a DMARC record
1b. Publish a DMARC record with a restrictive policy
2a. Evaluate DMARC status of incoming messages
2b. Use that status to manage message disposition
3. Collect reports
4a. Send aggregate reports
4b. Send failure reports
I think you are underestimating the deployment. Many receiving/validating
organizations have privacy concerns about promiscuously disseminating
reports. As a result, these organizations limit reports to senders with
which they have either direct contractual relationships or intermediaries
with which they have contractual relationships. Personally I would prefer
to see more and better reporting but I recognize the issues involved. It's
important to recognize that senders publishing DMARC records are indicating
their policy preferences to receivers which choose to validate for DMARC.
Receivers which choose to validate DMARC are not required to provide
records in response to sender requests. I know that reporting is valuable
for senders and to the extent possible we should be finding ways to
encourage and support reporting.
Still sounds like a deployment guide would be useful, no?
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
