Maybe it is time to rethink this, or open a more official dialogue. I understand folks don't want to send reports. I understand the privacy issue. However, without these reports, or at least *some* information sent regarding the unaligned emails, we are at an impasse to migrating to a 'reject'.
Nothing you can say will make people send you reports if they're not already inclined to send reports. To put it bluntly, your problems are not their problems.
The aggregate reports they do send include the IP addresses of hosts sending mail that fails SPF or DKIM, and I've usually found it pretty easy to figure out whether it's just spam, a mailing list, or something else legit.
For certain environments (e.g. financial), we cannot reject *any* legitimate emails and therefore require verification of all emails that are rejected.
Since there is no possible way that DMARC can describe all legitimate e-mail, you'll never be able to reject anything. I wouldn't want the job of doing your organization's spam filtering.
Regards, John Levine, [email protected], Taughannock Networks, Trumansburg NY "I dropped the toothpaste", said Tom, crestfallenly. _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
