On 7/6/21 05:45, Todd Herr wrote: > > The theoretical goal of any domain owner that publishes a DMARC record > is to transition from an initial policy of p=none to a final one of > p=reject, because it is only at p=reject that DMARC's intended purpose > of preventing same-domain spoofing can be fully realized.
While preventing impersonation of "high value" domains was the original impetus for DMARC, and preventing same-domain spoofing is a/the core benefit, it provides value for other use cases as well. For example, a domain that doesn't currently see much abuse and has several indirect mailflows (so "p=none"), but wants reporting as an "early warning system" in case they're targeted later. Broad applicability helps justify putting DMARC on the Standards Track, so IMO we should be careful not to preclude other use cases, or give the impression they aren't seen as valid. --S.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
