>> if this maillist here would change i bet it would be more >> understandable on what not to do
> The advice hasn't changed: don't set a DMARC policy other than p=none on > domains > used by human users. We know that some large domains have disregarded that > advice, but it doesn't make it any less correct. I understand this position because it's a position I take many times here at work. However, as has been pointed out to me, just because I am correct doesn't mean that I am right, nor that I don't have a problem to solve. Given that large email providers like Yahoo and AOL do publish p=reject records, how is the rest of the email community going to deal mailing lists and other legitimate cases that fail DMARC? It's not enough to say "Yahoo and AOL shouldn't be doing it." That ship has sailed. The question now is what can we do to improve user experience? Several answers have been proposed: 1. Do nothing and let domains that publish p=reject live with the consequences 2. Don't permit domains with p=reject onto mailing lists 3. Mailing lists should reformat the message to prevent DMARC failures 4. Email receivers should be selective about how they enforce p=reject - send it to Junk or even skip enforcing it from known good emailing lists 5. Extend DMARC so that it supports mailing lists 6. Something else? These each have their pros and cons but it seems to me that working to support p=reject with mailing lists is a net benefit to everyone. -- Terry -----Original Message----- From: dmarc-discuss [mailto:[email protected]] On Behalf Of John R Levine Sent: Friday, May 2, 2014 7:52 AM To: [email protected] Cc: [email protected] Subject: Re: [dmarc-discuss] DMARC woes - forwarding signed / encrypted e-mail >> Authentication-Results: iecc.com; spf=pass >> [email protected] >> spf.helo=dragon.trusteddomain.org; >> dkim=fail (bad signature) header.d=forged.junc.eu header.b="OI+bj08L"; >> dmarc=fail.none header.from=forged.junc.eu policy=none > > its still my hope a maillist that is created for showing how dmarc > works should stop create false alarms on domains that use p=reject > where users say its a problem with it, when its not > > if this maillist here would change i bet it would be more > understandelble on what not to do The advice hasn't changed: don't set a DMARC policy other than p=none on domains used by human users. We know that some large domains have disregarded that advice, but it doesn't make it any less correct. Regards, John Levine, [email protected], Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html) _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
