On Mon, Jul 20, 2020 at 6:05 PM Jesse Thompson <jesse.thompson=40wisc....@dmarc.ietf.org> wrote: > > > > It calls into question whether we (or any domain) should publish DMARC > policies. Gmail.com doesn't publish a DMARC policy, after all, and many > people (such as some on this list) are using gmail.com to subscribe to lists, > and they don't have to suffer the consequences of DMARC.
I interpret Gmail's approach as a fine marketing decision. It means mail from gmail.com is more deliverable than mail from yahoo and aol. They must be smiling every time some domain rejects end-user mail for DMARC violations. > > I think that we just have to agree that From-munging by MLMs is a permanent > reality. It needs to be documented more prominently (and promoted as part of > the DMARC marketing) so that implementations are more consistent, so that > un-munging tactics and/or MUA behavior can be consistently implemented. > I'd be happier for the proposed standard to say that DMARC policy "SHOULD NOT" be compromised by rewriting From lines-- and see how that goes over. My reasoning is that blessing the practice makes it easier for bad actors to craft spoofed mail and get it accepted. The opposite of the purpose of DMARC, isn't it? -- Joseph Brennan Lead, Email and Systems Applications _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
