Barry Leiba wrote on 2023-04-14 03:52:
As to "what constitutes general purpose", if you are providing email addresses to the general public, that qualifies. If your domain is sending email only from employees, and you have policies about employees using their email addresses to conduct business, then that's a different issue. Of course, if their business involves posting to mailing lists, you have some decisions to make.
How about this? 5.5.6. Decide If and When to Update DMARC Policy Once the Domain Owner is satisfied that it is properly authenticating all of its mail, then it is time to decide if it is appropriate to change the p= value in its DMARC record to p=quarantine or p=reject. Depending on its cadence for sending mail, it may take many months of consuming DMARC aggregate reports before a Domain Owner reaches the point where it is sure that it is properly authenticating all of its mail, and the decision on which p= value to use will depend on its needs. It is important to understand that the Domain Owner may never use a policy of p=quarantine or p=reject, and that these policies are intended not as goals, but as policies available for use when they are appropriate. In particular, domains with users from the general public, where the Domain Owner has no overview about and no intention to govern with who their users communicate with, MUST NOT deploy a policy of p=reject to preserve interoperability. In such scenarios, the deployment of a policy other than p=none can disrupt indirect mail flows and cause damage to the operation of mailing lists and other forwarding services that are incompatible with DMARC. This is discussed in [RFC7960] and in Section 5.8, below. Regards, Matt _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
