So, what am I trying to accomplish, aside from the trivial goal of making hackers stop emailing me?
As we hardly need tell you, there's no cure for stupid. Perhaps a comment in your DMARC record saying that bug reports will be met with ridicule, and some procmail scripts to ridicule any bug reports that mention DMARC would help.
It feels to me like my unease about DMARC stems from the fact that the folks who wrote the spec and the sites that are enforcing DMARC have a markedly different philosophy than I do about email.
DMARC was originally intended for places like Paypal that have severe forgery problems and consciously are willing to lose some mail in return for less forgery. (It probably helps that the only mail Paypal sends says "something happened, log in to your account to see what it is.") Then AOL and Yahoo used it to outsource the costs of having their user address books stolen and things went downhill from there. Now as you've seen it's the FUSSP of the month.
I use p=none and ask for reports, which I process automatically with some little scripts that put the interesting bits in a mysql database at which I very occasionally look. Sounds like that's right for you, too.
The scripts are here: https://www.taugh.com/rddmarc/ R's, John _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
