On Sun 09/Apr/2023 20:33:54 +0200 Barry Leiba wrote:
There is an alternative, though: we can acknowledge that because of how those deploying DMARC view their needs over interoperability, DMARC is not appropriate as an IETF standard, and we abandon the effort to make it Proposed Standard.
That sounds perfectly reasonable. If we actually /propose/ a standard, we can drop the slippery concept of general purpose domains and seek to open the era of authenticated email for every one.
I see that as the only way forward if we cannot address the damage that improperly deployed DMARC policies do to mailing lists.
The correct way to address that is to propose that mailing lists too authenticate their posts, so that subscribing to a mailing list doesn't entail a security risk. Let ARC prove their correct filtering and encourage receivers to override DMARC failures in MLs' streams, after subscription confirmation.
Best Ale -- _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
