On Mon, 2019-04-08 at 09:50 -0400, Douglas E. Foster wrote: [...snip...] > My focus is on defining a framework for discussing product capabilities, > while leaving room for vendors to add value above the minimum > configuration.
That sounds more like what organisations such as Gartner are there for as opposed to the IEFT. And they do a fairly good job in framing vendor selection processes. > Demonstrating email legitimacy is essentially a protocol between sender > and receiver. IETF has only defined one half of the protocol, so why > should we be surprised that the conversation is broken. Expertise can > be assembled; the task is desperately needed. That's not exactly true. The protocols do explain how a receiver should implement them from a technical perspective. That ensures that there is no divergence between how say a SPF record is interpreted on a product by product basis. What they don't do, and what you appear to be alluding to, is proscribe how receivers should filter spam, and more specifically forged sender addresses from non-existent domains. The IETF don't make such proscriptions because a) it's off-mission and b) there is no one size fits all spam filter configuration. What works for a small office would be unsuitable for a large corporation, what works for a large corporation would be unsuitable for a hospital with a similar number of users and in turn, dealing with millions of users requires a completely different approach all together. > In the interim, I am open to recommendations for good spam filters. I > have been trying to avoid disparaging the bad ones by name in a public > forum. This list isn't the appropriate place for that discussion as it does not pertain to DMARC, despite the fact DMARC might be baked into some spam filtering solutions. Your starting point should be proper functional requirements specific to your organisation. Ken. _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
