I do have a known set of sources and I specify them in the SPF TXT record.My SPF TXT record includes blackberry's email servers.
Sure, but DMARC requires that your domain be in either the bounce address or the DKIM signature, and Blackberry doesn't do that.
DMARC policies have little utility for domains that aren't heavy phish targets, and domains with live people rarely are.
By the way, I see that your domain is hosted at websitewelcome, which is well known to be awash in insecure websites, malware, and all of the other garbage endemic to cheap hosting. There's no way that SPF can distinguish between your mail coming from their servers and random spamware that happens to pick your name as a fake return address. So really, if people were inclined to do a Joe job (defamatory forgery) on you, you have worse problems than DMARC or SPF can solve.
R's, John
-----Original Message----- From: John Levine [mailto:[email protected]] Sent: Friday, October 05, 2012 12:46 PM To: [email protected] Cc: [email protected] Subject: Re: [dmarc-discuss] DMARC setup to authorize Blackberry BIS emailsI have a question on how to get a DMARC policy to work when some of my email is sent via blackberry BIS.That's easy -- you can't. DMARC policies can work well on domains whose mail is sent from a single set of fixed sources. They won't work at all on mail domains with live people who invariably send mail in all sorts of different ways that SPF and DKIM don't describe. But it's still worth publishing a DMARC record with p=none to collect the statistics. That's what I do, and I find out all sorts of interesting stuff.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
