Hi,
I was pondering on using DMARC in a passive way: implementing a plugin
for spamassassin (or similar) that would only score/reject/quarantine
based on DMARC alignment and policy, and not handle all the complex
DMARC stuff (mainly database setup, ruf/rua sending).
This would lower the implementation doorstep to test DMARC effectiveness
for interested receivers: such an implementation would need nothing but
access to DNS, making system administration (both setup and maintenance)
a breeze.
I do see the risk that, while intended for evaluation, such a setup
would lower the incentive to switch to a full-blown setup such as the
existing milter solution later on. The specification document has some
notices pointing out the importance of the feedback loop (and I
understand and support them), which are blatantly ignored by the above.
But I still see an implementation benefit for small receiving sites,
whose reports would be less significant to senders (IMHO), as existing
large sites will also send them reports.
My personal point of view: getting a DMARC sender (monitor) policy
running was quite easy for my personal domain, but I did not have time
to implement the receiving side yet, thus I don't get any 'benefits'
that prove to me (and f.i. my $workjob manager) that implementing DMARC
is actually useful. A lower doorstep would be nice.
Note that I don't intend to cripple the feedback concept or DMARC in
general, but just interested in any opinions on this.
Kind regards,
Tom
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
