Near as I can tell, the only way I can employ a DMARC p=reject for my domains and still get my messages delivered to inboxes at Gmail and Yahoo is to: ...

We've discussed about a million times why DMARC policies are not appropriate for domains with users who send mail through mailing lists, send mail from their Gmail accounts, and do all of the other stuff that live users do.

You're suggesting a complex, fragile kludge that by design would put a gigantic replay security hole in DMARC. Can you explain in detail why the rest of the world should do that, rather than you simply publishing an appropriate DMARC record?

Also, if you believe that it is very important for people to be able to identify mail you send from your servers, why aren't you signing it with S/MIME? You can do that right now, and S/MIME survives complex forwarding including mailing lists pretty well.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
"I dropped the toothpaste", said Tom, crestfallenly.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)
