On Jan 25, 2014, at 1:33 PM, J. Gomez <[email protected]> wrote: > On Saturday, January 25, 2014 5:05 PM [GMT+1=CET], John Sweet wrote: > >> On Jan 25, 2014, at 6:49 AM, "J. Gomez" <[email protected]> wrote: >>> And what about this additional bullet in that section of the FAQ: >>> >>> * Check plain-SPF before checking DMARC, and if SPF-result is pass >>> then skip DMARC processing. >> >> Wasn't the case of spoofing via (envelope domain != from header >> domain), which passes SPF, one of the problems DMARC was specifically >> designed to address? >> >> Am I missing something? > > Yes, you are missing the point that in order to avoid DMARC breaking mailing > lists, the recommendation should be not to use DMARC if you care about your > users subscribing to mailing lists.
That’s right, for senders. Tiny domains that intermingle 1:1 email and transactional email shouldn’t be using strict DMARC. (Nor should giant domains that intermingle 1:1 email and transactional email, come to that). > DMARC is designed so that Facebook|Paypal|Ebay can autenticate with > Gmail|Hotmail|Yahoo, not for the general small-domain senders of the Internet > to use, and therefore not for the small mailbox providers of the Internet to > check[*]. That’s not. Not yet, anyway. Nobody should be whitelisting unauthenticated email that’s has a p=reject. If they do, they’re kinda missing the point of why their users benefit from DMARC checking in the first place. Given that, there’s no work required by any receiver to whitelist for DMARC, and not much effort for any ISP to use it, once it’s available for the MTA they use. It would certainly be possible for large senders and receivers to conspire to make it difficult for small ISPs to deploy DMARC checking of inbound email, if they were to want to (by large senders deploying DMARC inappropriately for domains that send 1:1 email, and by large receivers creating complex systems to work around the sender misconfiguration). I can’t see why anyone would want that to happen, and hopefully it won’t. Cheers, Steve _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
