On Friday, March 27, 2015 09:12:19 PM J. Gomez wrote: > > Isn't DMARC holding itself to a different standard? What's a receiver > > supposed to do with unaligned mail whose "From:" domain specifies > > p=reject? Clearly, the domain owner is explicitly asking that the > > message be rejected. If DMARC intends that this be merely one of > > many factors to consider, then doesn't it boil down to nothing more > > than p=do-whatever? > > +1. > > As it currently is, p=reject already means p=quarantine or p=none, so > "do-whatever". > > We could try to add some extra --and defaulted to be empty/none-- qualifier > to the DMARC TXT record in order to optionally, at the Sender's will, > upgrade the plain old p=reject to mean > "reject-and-yes-i-mean-it-always-dammit-i-dont-indulge-in-indirect-email-fl > ows", so that Receivers can get that extra info from the Sender and > therefore be able to guess, with more certainty, that said Sender does > indeed has all his ducks neatly in a row when he publishes p=reject; but > the proposal to do so has already seen very negative reception, repeatedly, > so I will not insist on it anymore.
Looked into this once before for SPF (which despite the hand wringing here has been through a lot of these same policy considerations before). There's no point in adding a "I really mean it" flag since nothing prevents a sender from adding it even if they don't. Eventually enough domains that perhaps shouldn't publish the "I really mean it flag" the receivers want a "NO, I REALLY, REALLY mean it" flag. Pretty soon it's added flags all the way down. In the data I see, I see some receivers overriding p=reject and using p=quarantine for some set of the mail they think is indirect. Mostly though the policy applied is p=reject for a domain that publishes that policy. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
