>
> Paypal sent a real message about a genuine transaction authorized by a
> real user with a real account that he went through considerable effort
> to set up. There is nothing spoofed or abusive about it. Publishing
> a TXT record that conflicts with that doesn't change the reality, it
> just means that the TXT record is wrong.
>
>
I've been following this discussion with interest, since my knowledge of
DMARC/DKIM/SPF is clearly many levels below all participating. With my limited
knowledge I've obviously stumbled into a complex area without realising all of
the implications. I'm won't be so presumptuous as to try and contribute to any
of the arguments involved, but in case it's a helpful datapoint for anyone I
would like to correct the above account of my particular situation. Yes, I have
a Paypal account that I deliberately setup, and yes, there is, behind all of
this, a genuine transaction involved. However: the refund in question was
authorised some time ago, and I had no specific knowledge that Paypal was going
to send out an email later, the wording of which I had neither seen nor
approved. Although I have now changed my TXT record in the light of my newly
acquired understanding of its implications for mailing lists, the behaviour in
respect of Paypal was *exactly* as desired. I don't approve of !
Paypal se
nding emails purporting to be from me as a product of my transactions on their
website, since I neither wrote nor approved those emails - their systems did.
Of course, whether my position on the matter is one that the DMARC spec is
intended to support I will have to leave for the more qualified to decide.
Lucian
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
