>I hope some solution to this problem with mailing lists is found. On further consideration, there are some straightforward fixes that puts the work where it belongs and avoids causing damage to third parties;
a) Implement p=reject by discarding mail rather than SMTP rejects. That's what we did in ADSP. You still run the risk of losing mail your users want, but that's between you and them, and it's inherent in any scheme like this. b) If a mail system implements p=reject on incoming mail by SMTP rejects, it MUST first identify sources of mailing list and other "friendly" forwarded mail and not apply DMARC to them. This appears to be what Google does. c) Since the number of domains subject to active phishing is relatively small, just do p=reject for those. This is roughly what Facebook does, although I think they flip the list the other way, a list of DMARC to ignore. R's, John _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
