On Wed, Apr 12, 2023 at 1:57 PM Murray S. Kucherawy <superu...@gmail.com> wrote:
> On Wed, Apr 12, 2023 at 8:27 AM Brotman, Alex <alex_brot...@comcast.com> > wrote: > >> In the case of DNSSEC, my ISP is the intermediary utilizing DNSSEC, and >> the website signs records via DNSSEC. The website I want to go to breaks >> their DNSSEC. My ISP cannot retrieve a record to return to my browser that >> can be used. A is the browser, B is the website, C is the ISP DNS platform. >> >> >> >> I understand your point, though I think mine still has reasonable merit. >> I understand the charter is to resolve the interoperability between >> indirect mail and p=reject. I’m just not sure I see an intersection of >> “fix indirect email” and “p=reject”. >> > > I see what you're getting at, but I don't think they're comparable. There > are a few main differences: > > 1) DMARC is a surprise to some actors. The intermediary in DMARC doesn't > know that it's suddenly contributing to a problem. In the DNSSEC example, > the ISP DNS platform knows it's participating; it is, after all, a > DNSSEC-aware resolver. In DMARC, suddenly MLMs around the world have to > change what they're doing and don't know they're part of a new problem. > If DMARC is a surprise to "some actors" today, they clearly haven't been paying attention. It was first publicly published (not through IETF) in 2011. With regard to MLMs and forwarders, the wake up call would/should have been in 2014 when AOL, !Yahoo and other domains with lots of users started publishing p=reject policies. I'm not commenting on other aspects of the discussion, only your belief that in this day and age, DMARC is a surprise to anyone. Michael Hammer
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
