A good section of our charter is collecting operational experiences. Doing an Operational BCP on DMARC based on data collected is what the WG should do after DMARC-bis.

tim

On Mon, Dec 7, 2020 at 7:50 PM Michael Thomas <m...@mtcc.com> wrote:

>
> On 12/7/20 4:44 PM, Dave Warren wrote:
> > On Sun, Dec 6, 2020, at 22:31, Michael Thomas wrote:
> >> there are clearly many use cases where that isn't a problem -- like bank
> >> transactional mail -- and ADSP was just fine for that.
> > There were still surprises to be had here. I still, to this day, find mail direct from various senders that are wanted by the recipient but that fails SPF without forwarding (with a -all) or hits a dmarc=reject. I quarantine such for review and release to users as needed.
> >
> > Obviously lots is spam, or forwarding that broke SPF or whatever, but just as often it is a small piece of a big company doing something without fully understanding how modern email works. Oddly it is often security sensitive stuff, not crazy long ago it was Facebook password resets, often it is 2FA codes (which are probably going through a separate channel to get immediate delivery without risking backlog?), and other reasonably important things from parts of the company that I would expect to be at least moderately aware of the email security world.
> >
> > I agree that ADSP was theoretically fine for this type of use, but in practice, DMARC's feedback simplifies things a lot when a client complains their outbound mail isn't making it and we can quickly see what is being rejected.
> >
>
> it is an imperfect world.
>
> I fear that DMARC's reporting only confirmed the obvious: this is hard. It gave numbers to anecdotes. That's really useful, don't get me wrong. Hopefully it can be used to suss out how to demarcate the long tail of don't care use cases.
>
> Mike
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>