On Sat 08/Jul/2023 20:13:44 +0200 John Levine wrote:
It appears that Richard Clayton <rich...@highwayman.com> said:
They then moved on to just using random identities from the same domain
as the recipient. This led a great many Yahoo users to believe that a
great many other Yahoo users had been compromised, leading to a
significant loss of faith in the integrity of the platform.
We get that, but why did they have to inflict DMARC policy on the
world rather than just adjusting their own mail software to filter out
incoming mail with Yahoo return addresses from other places? I assume
the answer was that the DMARC code was already written so it was
cheaper.
Another consideration is that a non-standard, internal blocking would have been
effective only for their users. Perhaps they though they were doing the rest
of the world a favor by following standard protocols. Had that MUST NOT been
in place then, /perhaps/ we'd have spared ourselves lots of fuss and p=reject
would have remained a seldom deployed feature.
strong, mailing lists (and other forwarders that mangle email) have been
coping with p=reject for nearly a decade -- so that trying
(ineffectually in practice) to make their lives easier at this point is
a snare and a delusion.
There seem to be a fair number of people working on ARC who disagree.
+1, when we'll learn to use ARC we can stop From: munging. Will we then
retract that MUST NOT (and DMARCbis with it)?
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
