On Friday, March 27, 2015 12:12 AM [GMT+1=CET], Michael Jack Assels wrote: > On Thu, 26 Mar 2015 15:23:08 PDT, > "Murray S. Kucherawy" <[email protected]> wrote: > > > On Thu, Mar 26, 2015 at 1:21 PM, J. Gomez <[email protected]> > > wrote: > > > > > That is why, in my view, DMARC's p=reject has to either be > > > reliable to be relied on, or be suppressed from DMARC's formal > > > specification if it is going to mainly be equal to p=do-whatever. > > > > Can anyone point to a single instance of a sender-receiver policy > > protocol that was "reliable" by this definition, enough that > > receivers would blindly agree to do whatever the sender > > asked/suggested/demanded? > > > > I can't think of any. Some, many, or most of them were supposed to > > be, but it has never turned out that way. I don't know why DMARC > > is being held to a different standard. > > Isn't DMARC holding itself to a different standard? What's a receiver > supposed to do with unaligned mail whose "From:" domain specifies > p=reject? Clearly, the domain owner is explicitly asking that the > message be rejected. If DMARC intends that this be merely one of > many factors to consider, then doesn't it boil down to nothing more > than p=do-whatever?
+1. As it currently is, p=reject already means p=quarantine or p=none, so "do-whatever". We could try to add some extra --and defaulted to be empty/none-- qualifier to the DMARC TXT record in order to optionally, at the Sender's will, upgrade the plain old p=reject to mean "reject-and-yes-i-mean-it-always-dammit-i-dont-indulge-in-indirect-email-flows", so that Receivers can get that extra info from the Sender and therefore be able to guess, with more certainty, that said Sender does indeed has all his ducks neatly in a row when he publishes p=reject; but the proposal to do so has already seen very negative reception, repeatedly, so I will not insist on it anymore. > Yes, I know that receivers can and will do as they please, but some > receivers would be pleased as punch to cooperate in a scheme that gave > solid proof of a message's illegitimacy in every case where it was > asserted. The problem is that publishing p=reject effectively > asserts that almost all submissions to mailing lists by users in the > domain are illegitimate, and I'm afraid the real world doesn't > believe that to be the case. +1. Some argue p=reject is fine as it stands and that the problem is just that Yahoo and AOL are abusing it. But the real world is as it is, and at the end of the day after all has been said it does not matter if the real world is abusive or not, we still have to interoperate with it. Regards, J.Gomez _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
