On Tue, Apr 08, 2014 at 09:01:35AM -0500, Dave Crocker wrote: > > There is a large class of messages that naturally produce properly > "aligned" and authenticated messages in the recipient's mailbox. > ... > For such scenarios, DMARC works well. > > The problem is for more complicated scenarios it does not. Those more > complicated scenarios are legitimate and always have been. Mailing > lists are obviously a good example. Imposing DMARC into those scenarios > breaks DMARC. > > A simple question is whether the benefit of DMARC is sufficient -- and > sufficiently clear -- to warrant such a dramatic reduction in the > flexibility of email use?
Maybe I'm missing the target population for DMARC. Sure, a high volume sender that never sends to an email list or forwarding alias (but how could it know?) gets the desired result - if the recipients' MTA/MUAs check DMARC. But what's the recipients' motivation? I'm on the eyeballs side, in an extremely small way. I'd like my messages to get through and joejobs to be rejected, but I do post to lists :) and there's no way to tell if a recipient has a .forward file. So I can't use p=reject, and I can't reject incoming, because I can barely keep track of the lists I belong to myself, much less for my other users. It's not just DMARC. DKIM has been around for several years now, and lists still break it. Then there are the people with exploding aliases who don't set up an owner- alias. I don't have a solution; I'm just whining, hoping that somebody will say "you dummy, here's what to do." _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
