It appears that Scott Kitterman <[email protected]> said: >I don't follow. Section 5.5 is called Domain Owner Actions. > >Also, that's the goal for some domains, but not others. We shouldn't >over-generalize. Personally, I publish DMARC records for the aggregate >reports. I find them useful. >Publishing a DMARC record with anything other than p=none is not something I'm >considering due to the associated side effects.
I'm with Scott here. For some people the goal of DMARC is to stop phishing, for some to prevent BEC (not very well), for some to avoid support calls (you know who I mean), and for some of us, just to see what the statistics look like. With respect to domain owners, while they are entirely allowed to say what they want, we are equally allowed to ignore it. Early on a DMARC policy was a reasonably good indicator that a domain was a phish target and it's worth losing some of its real mail to deter the phishes, but these days as likely as not it's some consultant told us to do this so we're doing it. We all know domains where the policy implied by their DMARC record is obviously not what they actually want people to do nor what it is useful to do. I do think we can say something useful about reporting since comprehensive reports benefit everyone, even if you're not a phish target. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
