On Sat, Apr 26, 2014 at 6:12 PM, Steve Atkins <[email protected]> wrote:
> 1. Causes no harm to end users at email providers who have not published > DMARC p=reject records. > > 2. Complies with the spirit of the published policies of those who are > publishing DMARC p=reject (loosely, that their users are not allowed to use > email addresses in their domain for mail sent by third parties) > > That is to set up your mail system such that if you receive an email that you > are going to resend (via a forward, or via a mailing list) and that email is > from a domain that is publishing DMARC p=reject records, and you cannot > *guarantee* that any DKIM signature on the inbound email will not be > invalidated by the time the email reaches it's final recipient, you should > reject that email. > > A simpler, and only marginally less accurate, approach to that is to reject > all mail to mailing lists or forwarders from any domain that publishes DMARC > p=reject. As of today, blocking that mail from a small fixed group of domains > that are known to both publish DMARC p=reject and to have users who send 1:1 > email will be just as good, and easier to set up. > > In order to mitigate your support overheads, the rejection should probably > explain to the sender of the email that their ISP has put restrictions on > their use of the email address and does not permit them to send email to the > recipient they're trying to contact, and suggest they contact their ISP to > have those restrictions removed. This really just leaves his customer stuck in the middle; he would be setting it up to turn away people trying to mail his customer. It's a fine solution for a hobbyist scenario where you can just go "screw that, I don't want to deal with any of this," but if it's a case where he has customers that he actually wants to keep, it's not very good advice. Regards, Al Iverson _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
