>> No.  Most domains aren't subject to significant phishing attacks, so
>> for them it's useful for incoming mail from Paypal et al, but not for
>> outgoing mail.
>
>I take it that a *significant* phishing attack is one where the
>5322.From domain is involved with money, and the hook is a URL at a
>free web hosting site where the phisherpholk will harvest credentials so
>they can get some of that money?

No, it's one where the volume is high enough to be annoying.
Sometimes it's looking for money, sometimes it's looking to steal
account credentials or other stuff.  I expect your users get phished a
fair amount to steal accounts.  But I also expect a lot of those
phishes would be unaffected by DMARC.

>   A domain SHOULD NOT publish a p=reject policy if it will emit mail
>   intended to be mediated with modifications by another domain unless
>   the mediating domain is exempted from the policy by [fill in the
>   eventually approved mechanism(s)].

Right, that horse left the barn a year and a half ago.  At this point
we're doing damage control, viz. my double signing proposal which
would make it somewhat easier for mailing lists et al to do what they
do without the problem of current approaches that all lose useful
features and/or require retraining users.


R's,
John

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
