On 4/28/15 11:35 AM, John Levine wrote: >> Are we going to say "The big four email providers pushed their problems onto >> everyone else" ? > Yes, of course. But as we've seen, we have little ability to push > back.
Dear John, Standing up to abusive domains requires a fallback policy compatible with SMTP. https://tools.ietf.org/html/draft-otis-dmarc-escape-01 Describes a safer and SMTP compatible policy as "Public". By ignoring the role of Sender DMARC is not compatible with SMTP which leads to dangerous practices when handling email exchanges serving the general public. Hacks aimed at transforming the From header into playing this role, such as the dubious double signing or proposed reversible transformation are solutions making the problem worse. Why make the source of a message more confusing? A role clearly defined by the Sender header field when present. The efficiency hack used by DMARC for applying policy against transactional messaging fails badly when misapplied against mediated and valid third-party services. Regards, Douglas Otis _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
