Dotzero <dotz...@gmail.com> writes: > One might point to the fact that DMARC was just such an effort before > it was publicly published. While there was much criticism of this when > it was submitted to the IETF - "You just want us to rubber stamp this" > - there was no such intent. It had worked well within the group of > senders and receivers implementing it through private peering that the > effort was made so that any domain of any size, both senders and > receivers, could implement it if so desired. I think the adoption rate > in the wild speaks for itself (volume of mail covered by DMARC).
Volume of mail covered by DMARC seems to be rather unimpressive unless you count p=none as covered. > You have left out one significant way of convincing receiver domains > and their admins. We used to have our CSRs (customer service) tell > people who received spoof emails (resulting in phishing, malware > compromise, etc.) from emails claiming to be from our domains that > they should contact their mail provider or email admin because the > problem could have been avoided if DMARC were being checked. We would > even provide them with the details and a form with all the information > in non-technical terms. It is amazing how quickly a provider pays > attention when their customers/users are complaining to them that the > provider could have prevented the heartache and grief but chose not > to. Again, this was for domains sending transactional mail with only a > limited number (intentionally) of role and support accounts. You can obviously do all that, but that is not what Douglas E. Foster advocated. > While IETF is not a lawmaking body, it has an impact on the decisions > of lawmaking bodies just as the decisions of lawmaking bodies can > impact the implementation of standards. Using the IETF as a way to get laws passed favouring ones business seems at best underhanded. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc