On Feb 25, 2014, at 2:04 PM, John Levine <[email protected]> wrote:
>> So, in other words, there is not such a thing as a POLICY of REJECT in
>> DMARC; and if there was ever one,
>> you just cannot trust it nor follow it (as a receiver).
I have to chime in here before the masses get insanely confused: the above
quote is incorrect.
1. DMARC *does* have both a "reject" and a "quarantine" policy built into it.
You *can* trust it, but you (as a receiver) also have to know what you are
doing.
> Generally speaking, yes. I expect that many receivers manage their
> own meta-policies, to decide whose published DMARC policies are worth
> following.
2. The above is 1/2 right. Receivers do need to manage their own policies.
The wrong part is making the decision point "whose published DMARC policies are
worth following", when it should be "where does email flow beyond control of
domain owners".
To avoid going in circles, I'll reference a previous email:
http://www.dmarc.org/pipermail/dmarc-discuss/2014-February/002336.html
Search for "There are circumstances where email flows beyond the control of
both receivers AND domain owners" and maybe read a paragraph plus or minus.
You guys are accumulating a bit of history of not really talking about DMARC,
but instead asserting random things that aren't true, and then disappearing
when asked to do some homework.
>
> If Paypal says to reject, I'm inclined to do it. If it's Linkedin,
> I'm not.
Both LinkedIn and PayPal are doing incredible work to make email more resilient
to fraud, and they both encounter similar issues. As I wrote above, if you're
basing your decision to enforce DMARC policies on mailing list traffic, you're
absolutely doing it wrong. For more information (homework!), see the last 2
paragraphs of:
http://www.dmarc.org/pipermail/dmarc-discuss/2014-February/002337.html
Just trying to help,
=- Tim
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
