I’m a bit concerned that the document will discourage domain owners from working toward an enforcing policy. I’ve seen at least one person say that most domains don’t need to go to p=reject. I’ve seen all sorts of domains attacked? Granted, high profile domains or perceived lucrative targets will receive the most attention but threat actors absolutely do attack all sorts of organizations all the time.
Maybe I’ve misunderstood but I hope that no langue that could be construed as discouraging domain owners from moving toward an enforcing policy would be a mistake. Neil _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
