On Thu, Mar 25, 2021 at 5:53 PM John R Levine <[email protected]> wrote:

> >>> It is a problem when receiving servers use DMARC existence and
> >>> pass/fail to increase/decrease deliverability rates. - And when
> >>> Yahoo/AOL pretty much block everything you send - even with a 98
> >>> sender score, SPF, DKIM, and clean opt-in lists.
> >
> >> Are they rejecting on DMARC failure because you're publishing p=reject?
> >
> > NO p=none
>
> I know people at Yahoo, and their filtering is largely based on complaint
> statistics.  If they're blocking your mail, the recipients are marking a
> lot of it as junk.  What do you see in the feedback reports?
>
> > I DO think this is an unnecessary problem that CAN be fixed/improved in
> > one of two fairly straightforward manners through DNS (behavior switch
> > or list authorized alternate domains).  And I can't see anything but
> > upside in doing so; nobody has demonstrated a downside anyways.
>
> It's real simple. Delegate a subdomain or provide a signing key to a 3rd
> party. In my previous incarnation we managed 6,000+ domains and both
> Ironport and Message Systems allowed us to DKIM sign on the fly for any of
> our own domains at our border MTAs. Earlier on we were able to do the
> same with a little more effort with well-known open source mail servers. If
> service providers aren't willing or able to work with either delegated
> subdomains or delegated DKIM keys, shame on them. That is a business
> problem on their part, not an interoperability problem. I am slightly more
> sympathetic in the case of mailing lists which is a different problem space.
>
> I explained the downside to Sender a few messages back: it lets people put
> any address they want in the From line so it becomes just a filter on the
> reputation of the DKIM or SPF domain.  If that were adequate, they
> wouldn't have invented DMARC.
>

This was the problem with *Sender ID* and PRA. Back in the day I used to
taunt the folks at Microsoft (Craig and Harry) by sending them email with
their own From address by leveraging the Sender address and PRA to
game a *Sender ID* neutral. It frustrated the hell out of them. As has been
pointed out many times, there is no way of determining if Sender domain has any
relationship to From domain unless it is in the same administrative domain.

>
> I agree that there is no particular downside to something like ATPS, but
> the fact that we've had ATPS for a decade and nobody has implemented it
> tells me that this is not a problem that the industry thinks is worth
> solving.
> +1
>

Michael Hammer
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
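
The alignment rule this thread turns on, as an added example that is not part of the original message: a simplified DMARC identifier-alignment check (RFC 7489 section 3.1) showing why a third party authenticating only as its own domain fails, while a delegated subdomain or a delegated DKIM key passes. The domains, the suffix set and the function names are constructed assumptions; a real evaluator uses the full Public Suffix List.

```python
# Added example: simplified DMARC identifier alignment (RFC 7489 section 3.1).
# ASSUMPTION: this tiny constructed set stands in for the real Public Suffix List.
PUBLIC_SUFFIXES = {"example", "com", "org"}


def org_domain(domain):
    """Organizational domain: the public suffix plus one label to its left."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        # The first match while scanning from the left is the longest suffix.
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to two labels


def aligned(from_domain, auth_domain, strict=False):
    """Strict mode needs an exact match; relaxed compares organizational domains."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if strict else org_domain(a) == org_domain(b)


def dmarc_result(from_domain, spf_pass_domain=None, dkim_pass_domains=(),
                 aspf="r", adkim="r"):
    """'pass' if any identifier that already passed SPF or DKIM aligns with From."""
    spf_ok = spf_pass_domain is not None and aligned(
        from_domain, spf_pass_domain, strict=(aspf == "s"))
    dkim_ok = any(aligned(from_domain, d, strict=(adkim == "s"))
                  for d in dkim_pass_domains)
    return "pass" if (spf_ok or dkim_ok) else "fail"


# Constructed scenarios: brand.example mails through a provider at esp.example.
SCENARIOS = {
    # Provider authenticates only as itself: SPF and DKIM pass, nothing aligns.
    "third_party_own_domain": dict(from_domain="brand.example",
        spf_pass_domain="bounce.esp.example", dkim_pass_domains=["esp.example"]),
    # Brand delegated mail.brand.example for the provider's bounce address.
    "delegated_subdomain": dict(from_domain="brand.example",
        spf_pass_domain="mail.brand.example", dkim_pass_domains=[]),
    # Brand published a DKIM key that the provider signs with (d=brand.example).
    "delegated_dkim_key": dict(from_domain="brand.example",
        spf_pass_domain="bounce.esp.example", dkim_pass_domains=["brand.example"]),
}


def evaluate_all():
    return {name: dmarc_result(**s) for name, s in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(f"{name}: {result}")
```

The Sender header never enters the evaluation: only the From domain and the domains that passed SPF or DKIM are compared.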
