On 8/5/2023 9:30 AM, Jesse Thompson wrote:
Conformance has a synonym Compliance, which may be a reason why people in the ranks of Security and Compliance in "general purpose" Author Domains fixate on p=quarantine|reject as a rubric to assess their perceived security posture without any serious knowledge/consideration of the email interoperability issues, and then inevitably there's some kind of unsolvable security incident that convinces the CISO to say "damn the torpedoes".
The language used for DMARC has always been problematic. "Policy" implies control, but the domain owner has no control over the receiving platform. Quarantine and Reject declare control that also does not exist.
Governance seems like the best word to me, since Governance is what Reporting has provided to ADs in Monitoring Mode, but I do not want to say DMARG out loud either :-)
Here, too, the domain owner does not govern the platform receiver. d/ -- Dave Crocker dcroc...@gmail.com mast:@dcrocker@mastodon.social 408.329.0791 Volunteer, Silicon Valley Chapter Information & Planning Coordinator American Red Cross dave.crock...@redcross.org _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
