On Monday, August 8, 2022 9:10:22 AM EDT Barry Leiba wrote:
> > What I am hearing is:
> > 
> > "DMARC permits evaluators to meet the needs of certain domain owners,
> > specifically domain owners who publish a DMARC policy."
> > 
> > I am disappointed with the perceived indifference to the needs of
> > evaluators.
> There's a reason for that: DMARC was designed for senders to publish
> policy and for evaluators to evaluate based on the published policy.
> DMARC was not designed for evaluators to assume anything when no
> policy is published.
> 
> It's valid to want some system where recipients can evaluate things on
> their own, absent anything published by senders (this is, for example,
> what "best-guess SPF" was).  But that isn't DMARC, and DMARC was never
> meant to handle that.

Agreed.  

Every attempt to do something like this has ended badly.  Heuristics which 
may, at first glance, appear useful don't generalize well.  As an example, I 
understand that some have suggested taking "advantage" of policies for 
"equivalent domains" under different PSDs.  The problem is that there's no 
guarantee of any relationship.  If anyone doubts it, feel free to replicate my 
experience when I accidentally typed python.com into a browser instead of 
python.org.  I would, however, strongly suggest not doing so at work, or on an 
employer-provided/monitored device or network.  It's nothing to do with 
Python, the programming language.

Scott K


_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
