On Sat, 27 Mar 2021, Jim Fenton wrote:
It sounds like they're asking DMARC to do things it doesn't do. If you
can't ensure that everything sent with your domain on the From line is
signed with your signature, you shouldn't publish a DMARC policy.
Agreed, but in some cases, such as US Government agencies, the publication of
a p=reject policy is required:
https://cyber.dhs.gov/bod/18-01/
Unfortunate IMO that they created this requirement based on an informational
RFC.
The government agencies have a different problem -- they do it on the
cheap with SPF only, so mail falls on the floor if it's forwarded. I
handle the mail for my local town government, most of which is forwarded
to their gmail accounts, and they were losing a lot of important mail from
the US Census.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
