On Feb 19, 2014, at 11:58 AM, J. Gomez <[email protected]> wrote: > On Wednesday, February 19, 2014 7:41 PM [GMT+1=CET], Dorai Ashok S A wrote: >> Is there a way of saying no special cases in DMARC ? > > Not that I know of.
I tried to clarify in previous post why the ability to add "no special cases" doesn't help the situation. In short, "no special cases" as expressed by a domain owner doesn't help the receiver as they deal with the complexity of how email flows into their infrastructure. > As DMARC breaks mailing lists, DMARC-aware receivers will always apply local > policies to override DMARC policy p=reject as per each receiver's > secret-sauce in-house recipe. The above statement is almost accurate. DMARC-aware receivers can apply local policies to override DMARC policy when it makes sense from their perspective to do so. EG: override for recognized mailing lists or forwarding. It's there for a reason. > > So you can publish DMARC p=reject, but it is going to mean little to the > world, because the world just cannot trust that you REALLY mean a DMARC > policy of p=reject when you publish it. Perhaps when DMARC is more widely > known that in-the-trenches reality will change. The above is not true. Receivers supply feedback to domain owners so that domain owners can accurately implement email authentication. The "social contract" in place is that receivers will enforce p=reject policies when requested by domain owners because this feedback is made available to domain owners. This is how trust between receivers and domain owners is created. J.Gomez, as an experiment you might try attempting to deliver unauthenticated email for a p=reject domain into a DMARC-compliant receiver. The experiment might change how you write about the world and in-the-trenches reality. > > Google as a receiver currently applies their own secret-sauce policy to > sender's DMARC policy of p=reject, and the rest follow. "Secret sauce" is usually applied to how receivers determine what is spam vs what is not. Spammers want to know what they need to do to avoid being identified as "spammer", and so the shield of secrecy... secret sauce... was born to avoid telling spammers how to avoid detection. In the context of DMARC, Google's internal methods of determine what are mailing lists and where forwarded email comes from is probably better considered as "internal methods of detecting emailing lists and forwarded email". Definitely not secret-sauce, as Google will happily tell you when they think they get your email via mailing list and/or forwarding... they include this in their DMARC-XML reports. Just trying to be helpful, =- Tim _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
