On Mon, Feb 1, 2021 at 6:49 PM Michael Thomas <[email protected]> wrote: > > > On 2/1/21 3:23 PM, Dave Crocker wrote: > > On 2/1/2021 3:21 PM, John Levine wrote: > >> I find it hard to believe that if you are going to enough effort to > >> maintain the data to create and send reports, you can't figure out how > >> to install an SPF record for your reporting domain. > > > > Except that the tracking/reporting functions are completely separate > > from the 'signing' side of DMARC and could easily be different parts > > of a company. > > > > d/ > > > It strains credulity that one part of a company would want to send out > reports when some other can't even sign their email. Both need access to > the email stream for starters. > > It doesn't strain my credulity at all. You are assuming a single mail stream. I saw it at my own employer before we got centralized control of DNS and implemented email authentication. I actually know of one company where several hundred thousand dollars of marketing emails ended up not getting through because a marketer thought they could evade corporate policy and the ESP gladly took the money even though the mail was getting rejected. It's a crazy world out there.
Michael Hammer
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
