On 4/27/2015 5:51 PM, Scott Kitterman wrote:
What? There is an spec for DMARC. With the current DMARC specification,
anyone can do almost anything and still claim to be DMARC-compliant. What
about if to claim being DMARC-compliant, Receivers could not reinject alien
messages into the email infrastructure if the original Sender is publishing
p=reject and said reinjected messages would fail a DMARC check when
performed by its ultimate Recipient(s)?
Why would a mailing list care to claim spec conformance?
All they care about is getting the mail delivered, managing subscriber lists,
etc. Since there are no internet police, can not doesn't mean anything.
Lets not lump "mailing list" into the same kind or group of MLM
operations. I care. I have a product to market. As a side note,
there is a legal argument to make when a MLM has intentionally ignored
a security protocol designed to protect a domain and end-users.
Claims of MalPractice and Intentional Neglect can easily be made.
There is most certainly, product liability issues. Can't have it both
ways.
The point is not what the MLM does, but what the MLM RECEIVER does.
It MUST also be a DMARC compliant system too as a protocol design
presumption.
So as I always said, the first rule of thumb is to follow the honor
protocol first. And if that doesn't make sense, then its broken.
DMARC is an incomplete protocol until it offers support for ADID !=
SDID conditions whether its deemed feasible or not by some.
--
HLS
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
