On 12/6/20 9:18 PM, John Levine wrote:
In article <cal0qlwb3plvfkoiukey38kk9weiesbyzciby72ls5yrwn6e...@mail.gmail.com>
you write:
As I recall, people took a run at trying ADSP and it was largely
unsuccessful. I recall at least Yahoo, PayPal, and Google trying it but
finding that it interfered with their employees' participation in lists, so
they each invented new domains for their employees to use as separate from
their operational public services. This basically led to its demise.
Among ADSP's shortcomings was that there was no way to test it other
than to turn it on and see how much damage it caused. The answer was
frequently a lot, so they turned it back off and that was that.
DMARC certainly has its problems but the reporting is great. It makes
the surprises when you turn DMARC on a lot less, at least if your name
is not AOL or Yahoo.
but apparently y! is doing DMARC in the face of its inadequacies anyway.
i really like the reporting capabilities as an auditing tool as well,
but it doesn't change much on the ground with the basic problems. it
just confirms that it's a bad idea to use p=reject in many cases. there
are clearly many use cases where that isn't a problem -- like bank
transactional mail -- and ADSP was just fine for that. nothing much has
changed on that front in 15 years. I find it amusing to be talking about
this all these years later, with all kinds of companies trying to
capitalize on the new and mostly unimproved dmarc.
Mike
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
