The brilliance of DMARC is in its feedback mechanism. For that feedback to be useful, it needs to reach someone who can act on it. For a massive organization like the U.S. Government, I cannot imagine how feedback to a .gov catchall account could be actionable.
Suppose someone decides to send a newsletter to local farmers, from the Kansas office of the Agricultural Extension program of the Department of Agriculture. He creates an account with Constant Contact and starts sending messages. This violates the DMARC policy of Dept of Agriculture, so someone in D.C. starts getting notifications that Gmail is blocking lots of messages from Constant Contact. What is to be done?

The "mail integrity program officer" of the Department of Agriculture calls Constant Contact, but they politely explain that they need proof of identity, which can be:

- Knowledge of the login credentials for the Constant Contact account, or
- A court order

Eventually our "Mail Integrity" officer gets his court order and forces the account to be closed. The farmer outreach officer in Kansas suddenly finds his Constant Contact account disabled, so he creates a new one. All of this gets in the way of actually communicating with farmers who will benefit from the newsletter.

The internal communication problems will be difficult even if the Constant Contact account is tied to a valid subdomain of Agriculture, with a DMARC policy on that subdomain. It becomes exponentially more difficult if the newsletter uses a non-existent subdomain, causing the feedback to go to a catchall account for Department of Agriculture or, worse yet, a catchall account for all of ".gov".

Walking the domain allows feedback, for both valid and non-existent domains, to go to the destination most able to use the information, and makes the .gov policy a trivial extension of the domain walk.

Doug Foster
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
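The domain walk argued for in the message above, as an added example that is not part of the original post or of any DMARC implementation: it looks up `_dmarc.<name>` for the From domain and then each parent, and returns the report addresses of the closest policy found. Assumptions: the records are constructed under the reserved `.example` TLD (with `gov.example` standing in for a top-level catchall), the function names are hypothetical, and the walk is simplified (no limit on labels, no public-suffix handling).

```python
# Constructed TXT records for illustration; not real DNS data.
ZONE = {
    "_dmarc.gov.example":
        "v=DMARC1; p=reject; rua=mailto:catchall@gov.example",
    "_dmarc.agri.gov.example":
        "v=DMARC1; p=reject; rua=mailto:dmarc@agri.gov.example",
    "_dmarc.kansas.agri.gov.example":
        "v=DMARC1; p=none; rua=mailto:dmarc@kansas.agri.gov.example",
}


def parse_dmarc(txt):
    """Return the tag dict, or None if the record does not start with v=DMARC1."""
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def walk(from_domain, lookup=ZONE.get):
    """Return (policy_domain, tags) for the closest name that publishes DMARC."""
    labels = from_domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])          # drop one leftmost label per step
        txt = lookup("_dmarc." + name)       # None models NXDOMAIN / no TXT
        tags = parse_dmarc(txt) if txt else None
        if tags:
            return name, tags
    return None, {}


def report_destination(from_domain):
    """Return (policy_domain, [rua URIs]) that aggregate feedback would go to."""
    domain, tags = walk(from_domain)
    rua = tags.get("rua", "")
    return domain, [uri.strip() for uri in rua.split(",") if uri.strip()]


if __name__ == "__main__":
    for d in ("kansas.agri.gov.example", "news.kansas.agri.gov.example",
              "bogus.agri.gov.example", "unknown.gov.example"):
        print(d, "->", report_destination(d))
```

With these records, a non-existent name below the Kansas subdomain still reports to the Kansas address, and only names with no closer policy fall through to the department or the top-level catchall.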
