from what i can see in all ur discussion, most of the essential goals for this wg are gonna fail.
with very few exceptions, which i include myself into, nobody here is interested into expanding dmarc to actually encompass real-world email usage, but instead, most of participants are glorifying an obviously flawed protocol, or at very least, finding excuses for it, some pretty unbelievable. instead of working on actually functional 3rd party dmarc addons, what i read here is nothing of real consequence to anything. so, imo, dmarc failed on its promise. whoever wants to implement dmarc on their sending domains should just use p=none, and be done with it. and whoever wants to process dmarc on receiving email should just behave as if requested policy is p=none. and in most situations, that's exactly what's happening, when i review my data for last 1y. nobody wants to lose important email. i'm imagining a bank's usage scenario: dmarc affects ur brand's image when 1. legitimate email doesn't get delivered or, even worse, 2. ends up in spam folder. so, while u fight spoofing which end user will not see, u tarnish ur image, which end user will see. in the end, using dmarc, as a bank, u lose. while trying to fix end user's problem of acting on spoofed email, u essentially break ur own email system. i dare to assume that it's obvious to everybody by now - all that's gonna survive from dmarc are its reporting capabilities. so, i will just send an invitation to those who care to concentrate on dmarc's reporting capabilities, making them more robust, more detailed and much better at actually helping domain owners with deeper insights on unauthorized usage of their email addresses. that's all that dmarc can do for us in present state, and, it seems, in any future version too. if it wasn't such a bureaucrat's waste of time, i would propose a change in wg's milestones, pushing for additional work on reporting capabilities. but, alas, i have no such time. i guess we should all wait for next generation of email engineers to get a fully functional email protection protocol, cause the thinking that's currently in the void is not getting us anywhere exactly. it's all about fixes for yesteryear that break something else today, over fixes of old that broke something else yesterday, while waiting for fixes for today that will break something else tomorrow. and malicious activity still thrives. -- Vlatko Salaj aka goodone goodone.tk _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
