In article <78fd8b26-0bed-ac36-842d-a851ec04d...@wisc.edu> you write: >On 8/7/20 2:12 PM, John Levine wrote: >> My guess is that MIT figured Microsoft will host this for free, that's >> great, totally unaware that some of its users' mail would silently >> break. > >Customers of Microsoft don't like to call things bundled in an expensive >package "free".
I have no idea what their pricing ie. My university uses Gmail for the alumni service and I believe that actually is free. >Maybe it was inflicted by the domain owner onto the person maintaining the >mailing list. (In my experience, this is >where people realize that no one has been maintaining/patching the mailing >list, unaware of DMARC, etc.) The IETF is entirely aware of DMARC, and their main mailing lists use a version of my dmarc.fail hack. This one's off in a corner, on the list of things to be cleaned up. >My peeve in recent years is that universities were essentially coerced >(economically) into being the customers of >Microsoft/Google and then the email admins are told to sit down and let the >adults talk about what they think customers >need from DMARC, ARC, etc. It's why I'm constantly sticking my foot in my >mouth here and M3AAWG; trying to assert a >voice. If it's not obvious, we do appreciate it. Way too many of them say whew, we can blame the vendor and not worry about it. >We need faculty/alumni/emeriti forwarding to work without being told that >Microsoft can't do it without breaking DMARC. Yup. >We need spoofing protection for all of our domains without being told we're >misdeploying. I would be interested to better undertstand the meaning of "need" here. It is my impression that most people vastly overestimate how much of a phish target they are. Paypal and big banks certainly are, other places, a lot less so. R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc