On 12/23/2016 10:31, John Comfort wrote: > Yet with 'quarantine', you are at > the mercy of the receivers policy handling rules. As the RFC states in > section 6.6.4: the Mail Receiver SHOULD quarantine the message
DMARC is a cooperative system between Senders and Receivers, rather than a prescriptive system. Receivers cannot compel Senders to adopt email authentication, any more than Senders can command Receivers to obey their published policies.[0] But DMARC provides a framework within which the two parties collaborate to block fraudulent messages. As the Senders adopt and get more accurate authentication coverage, Receivers will generally converge on and follow their policies in more and more cases. In reality, through the feedback DMARC provides, Senders and Receivers tend to reach very high levels of compliance between expressed policy and application. > I would assume this is one of the primary reasons these financial > institutions were adamant about moving from 'none'. Senders are entirely at the mercy of the Receivers no matter what they may think. Try telling Google or Microsoft what to do sometime... However the customers shared by the Senders and Receivers generally want to hear from the Senders, so the Receivers find it's in their interest that the legitimate messages get through. --S. [0] One can certainly argue that the improved deliverability of adopting email authentication compels Senders to do so. But strictly speaking that's an incentive beyond a command from the Receiver. _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
