On Tuesday, February 25, 2014 8:34 PM [GMT+1=CET], Tim Draegen wrote: > You guys are accumulating a bit of history of not really talking > about DMARC, but instead asserting random things that aren't true, > and then disappearing when asked to do some homework.
Is it true that if you reject incoming email which fails DMARC validation and whose sender's policy is REJECT, then you are in for a world of hurt? Yes, it is true. Therefore, DMARC'S p=reject is not something you can trust, nor follow. Period. There is no clothing that puppet that is going to change this truth about DMARC You can feed a DMARC result of fail plus p=reject as score input into some system to apply some locally crafted algorithms to determine the probability of spamminess/phising, but then your are still not following the stated POLICY of REJECT in the sender's DMARC. That is a truth. About DMARC. You can point to links which say "all is relative", "take it with a grain of salt", etc. That's fine. That, however, does not change the truth that you cannot trust nor follow DMARC's POLICY of REJECT. You, at most, can take it into account as a score/weight to do further local processing - OK, but you are then not REJECTing as per the sender's DMARC policy. Undeniable truth, that. It is the DMARC specification that chose to call it "policy", not "recommendation". And policy is a policy, not a suggestion. Twisting words to fit ex-post facto scenarios/realities is not funny. Perhaps you can spend your whole working day, day after day, fine tuning your local DMARC processing secret-sauce. Good for you. Other people do not have that luxury. Regards, J.Gomez _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
