> I think it would be easy for someone coming in to DMARC to assume that >a "reject" policy is absolutely the top of the chain where everybody >ultimately needs to be. I would just point out that reject has its own >special set of pitfalls.
Of course. One of the problems we've seen with just about every anti-abuse technique every invented is that some people want it to be the super anti-spam magic bullet, and they insist that the entire world of e-mail needs to twist itself around to match the technique du jour. DMARC is a perfectly workable way to detect some kinds of phishing, and it's a nice way to collect statistics about mail that appears to be from your domains. But it's no more the magic bullet than any of its predecessors, and anyone who asserts that everyone should be doing p=reject has just let you know that he or she doesn't understand e-mail very well. I suppose we could add a paragraph or two to the DMARC draft explaining what domains could usefully publish a policy other than p=none, but experience suggests that it wouldn't help. -- Regards, John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
