Scott Kitterman <skl...@kitterman.com> writes: > Also, doing anything based on an ARC header field from anything other > than a trusted source is a recipe for failure. I've already seen > cases where spoofed email got accepted due to ARC from an untrusted > source. Don't forget the limitations of ARC.
I am not particularly worried about spoofing of domains under my control. They are at p=none and cannot change to quarantine or reject due to the mailing list issue. In the past, the stance of DMARC has been clear, saying that use cases like mine cannot be handled by DMARC policies and therefore p=none is the only option. p=validate offers me a chance to get on board, at least some of the way. At present, I DKIM sign outgoing mail, but since p=none, the recipients are unlikely to find the DKIM signatures particularly helpful. /Benny _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc