On 12/14/20 7:26 PM, Douglas Foster wrote:
But what I am trying to figure out is under what circumstances a DMARC policy can be considered actionable. Do I conclude that "p=quarantine" means "domain is still collecting data, so results are unpredictable"? Or do I conclude that it means "Domain is fully deployed and failure to validate is a highly suspicious event?"
Yeah, that's why I question whether there is something actionable and whether this is so much wishful thinking. Somebody did say that they took action on it (gmail?), but i'm not sure whether that is a good thing or a bad thing. For mailing lists, that would seemingly be a bad thing, but if you're of the mind that mailing lists are a security bug and not a feature that might be contradictory.
Mike _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
