On 02/25/2014 02:58 AM, J. Gomez wrote: > So, in other words, there is not such a thing as a POLICY of REJECT in > DMARC; and if there was ever one, you just cannot trust it nor follow > it (as a receiver).
Funny, the latter part of that statement is what I remember the large receivers telling me ~10 years ago when I asked them to block messages that failed SPF checks. The assertion being that they couldn't trust that senders correctly understood or implemented SPF records and the impact they would have. I view DMARC as the result of senders and receivers working together to find a way to make that blocking possible for many, but not all, cases. DMARC can very effectively block abusive messages at scale. Where almost all spurious messages were being allowed through for a particular domain before publishing a "p=reject", less than 1% were being allowed through after publishing that record. And yes, that's even with any "secret sauce policies" or exceptions previously mentioned in this thread. We're talking about millions of fraudulent messages being kept out of mailboxes, and I'll take those actual results every time over any quibbles about DMARC's design. Thank goodness the receivers see the value in dedicating the manpower and resources it takes to implement their side of it even if they "just cannot trust it" - I'll continue to do so on the sender side where ever I can. --S. _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
