John Levine wrote on 2023-04-09 15:55:
When someone sets a DMARC policy for mail from people, it's hard to think of a time when they asked at wll whether that was what the people wanted. Or if they did, they asked something like "do you want your mail to be more secure?" which misses the point.
A domain owner can set their policy without asking their users for permission. Not every sender with mail from people is a mail service provider catering to the general public.
PS: I can make anyone's mail 100% secure by unplugging your mail server but I'm pretty sure that's not what you want.
You can also ensure interoperability by demanding they MUST NOT use any type of authentication, because all it does is impairing mail flows, while the security benefit is nothing that IETF standards should mandate about.
Neither of these extremes is helpful to actually achieve interoperability or security.
Regards, Matt _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
