It appears that Laura Atkins <la...@wordtothewise.com> said: >That was my question: is it an interop issue that ESPs (whether they be your >traditional ESP or a SaaS provider that sends >mail on behalf of their customers) cannot support custom domains in the SPF >and DKIM and thus cannot support DMARC? Many of >the current companies have made the decision that supporting DMARC is too >hard, and so what they do is use their own domain >for DMARC (some publish restrictive polices and some don’t).
I don't see how it's an interop problem. They send mail, recipients do the usual DMARC thing with it. The choice of identity may be a business problem between them and their customers, but that's not up to us. I can easily imagine situations where a company figures it's not a particularly attractive phish target, they balance the possible cost of misleading email against the cost of implementing delegated DKIM or subdomains or whatever and decide just go ahead and send. >Should DMARCbis make the recommendation that if you are providing mail >services that you SHOULD be able to support corporate >customers using DMARC? It seems to me purely a business decision what domain you use on your mail, so long as it's not one you're not allowed to use. While I agree with you that it is not great that ESPs punt on DMARC, please see once again my note about trying to enumerate all the dumb stuff people might do. R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
