On Tue, Apr 25, 2023, at 8:06 PM, John Levine wrote: > It appears that Scott Kitterman <skl...@kitterman.com> said: > >My recollection is that a general formulation that I proposed had at least > >some traction out of both groups: > > > >> [some appropriate description] domains MUST NOT publish restrictive DMARC > >> policies due to interoperability issues > > This seems like a reasonable approach. As a purely practical point, I > cannot imagine this document getting through the IESG without some > clear guidance about DMARC's interop issues. > > R's, > John > > PS: If anyone was going to suggest we just tell people how to change > their mailing lists to work around DMARC, don't go there.
How about: Domains owners who have users who individually request 3rd parties to emit mail as an address within the domain MUST NOT publish a restrictive DMARC policy if they wish to support their users' usage of any potential 3rd party. Examples of 3rd parties include mailing lists and email service providers. These 3rd parties are not always aware of, or willing to work around, DMARC. Domain owners implementing DMARC as a means for governance by restricting the unauthorized usage of the domain MUST be aware that not all of the 3rd parties will make changes to work around DMARC, resulting in interoperability issues for their users' usage of the 3rd parties. Domain owners SHOULD provide an alternative address for these users within a cousin domain or subdomain that is not directly associated with the organization's brand-associated domain that is used for marketing and transactional email that needs the security benefits of DMARC. These users MUST use an address within a domain that does not have a restrictive DMARC policy. (Not a troll. Not directly aware of humming (sorry, it's on my bucket list). Hopefully, didn't touch the 3rd rail. Honestly, in good faith, representing the perspective of an extremely large domain owner, users within said policy-restricted domain, and as a 3rd party commonly used by these, and similar, users.) Jesse
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc