On Mar 21, 2013, at 12:56 PM, Elizabeth Zwicky <[email protected]> wrote: > > The minimum implementation for a sending domain is to > 1) put a dmarc record in place -- p=none is sufficient > 2) either DKIM-sign the mail or send it from a source which passes SPF.
Sadly, not all DMARC report generators meet these minimum requirements. > On Mar 21, 2013, at 9:38 AM, Sasi Kumar V (sasiv) wrote: >> If the report sending domain does not have the valid DMARC records, how the >> feedback report is consumed ? I can only speak for my own processing: I don't really care if a DMARC record exists for the report generator's domain - what is important is the ability to tie the report back to an originating domain. If SPF or DKIM passes, there's a domain that can be worked with, and controls can be put into place to manage whether or not the data is wanted. Worse case (try to avoid this!) is to emit DMARC feedback is lacking both SPF and DKIM. From a report-consumer's perspective, it becomes a lot harder to determine if the feedback is legitimate. HTH, =- Tim _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
