a) Implement p=reject by discarding mail rather than SMTP rejects. That's what we did in ADSP. You still run the risk of losing mail your users want, but that's between you and them, and it's inherent in any scheme like this.I think this is a good idea, but it does open the door for even more ambiguity in how receivers implement DMARC. Perhaps it would make sense for a subsequent revision of the DMARC spec to include a policy of 'drop' in addition to the existing 'reject' policy.
Please, no. This is a quality of implementation issue, not a policy issue.
DMARC p=reject means the same thing as ADSP discardable, the sender is so worried about phishing that it doesn't want you to deliver the mail if there's any doubt about its authenticity, even though that may mean losing real mail your users want.
Regards, John Levine, [email protected], Taughannock Networks, Trumansburg NY "I dropped the toothpaste", said Tom, crestfallenly.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
