On Monday, February 24, 2014 6:43 AM [GMT+1=CET], Roland Turner wrote: > On 02/20/2014 05:42 AM, Dorai Ashok S A wrote: > > > You have a valid point here. I now understand why the receiver > > gives a reason "forwarder" and accepts the emails. I just hope its > > not exploited to get around DMARC controls. > > I meant to comment on this earlier. > > DMARC appears to draw an unavoidable parallel with access control > mechanisms in the minds of Domain Owners frustrated by the abuse of > their domain names (e.g.: your first post used words like "enforce" > and > "unauthorized", the latter in bold). This is perhaps unavoidable, but > things may run more smoothly if we ever come up with a way to more > accurately communicate DMARC's intention to those who encounter it for > the first time. > > DMARC is best understood not as the FUSSP but as a pragmatic tool that > helps Domain Owners and receivers co-operate on an > otherwise-intractable > problem, consequently it doesn't attempt to solve the entire spoofing > problem, it merely attempts to make progress on part of the problem. > The > fact that the real-world email system contains situations where DMARC > can't make decisions as accurately as Domain Owners and receivers > would > like (e.g. legitimate forwarders and independent senders exist and > engage in a variety of perfectly reasonable behaviours that don't mesh > well with DMARC) isn't a vulnerability in DMARC (i.e. something that > can > be "exploited"), it's just a problem that DMARC doesn't purport to > solve.
So, in other words, there is not such a thing as a POLICY of REJECT in DMARC; and if there was ever one, you just cannot trust it nor follow it (as a receiver). At least we still have the reporting feature of DMARC, as something which is actually useful (for the senders). Regards, J.Gomez _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
