As it stands, the best advice I can give to people about implementing DMARC is to collect the statistics, but do not publish a policy or believe policies that other people publish, which is unfortunate.
I agree. It's unfortunate that this is the best advice you can give. I also find it odd that you insist on giving it, since there are people who can give significantly more useful advice, and it generally goes against what is actually done with it in production.
I mean for mail systems too small to be able to have a staff that can maintain special case whitelists for incoming forwarders, not for giant systems like Facebook. I run a bunch of mailing lists, with a lot of subscribers on small mail systems. If they try DMARC and find themselves bounced off lists, and losing mail from people who forward their mail via Gmail and Yahoo, what am I supposed to tell them?
This is the exact same problem as with spf -all and ADSP, and I suppose it's unsurprising that we seem to have learned so little from the past couple of rounds.
R's, John
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
