On Mon, 7 Dec 2020, Jim Fenton wrote:
Agree, the reporting is great. But so much of the marketing/mandates I see
around DMARC doesn’t tell domain owners to turn on reporting first to see
what’s broken, it tells them to publish a DMARC p=reject policy because they
have a security vulnerability if they don’t. If the guidance around DMARC was
to publish a p=reject policy only “if it’s safe to do so” (meaning mostly for
transactional domains), I’d be a lot happier with it.
Yes indeed. It's pretty much the same issue as people who have DMARC on
a checklist so they publish an SPF record and p=reject, check the item,
and I'm stuck with mail that disappears when I forward it to its intended
recipient.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
