On Mon, Apr 17, 2023, at 8:37 AM, Laura Atkins wrote:
> Should the IETF make the interoperability recommendation that SaaS providers
> who send mail on behalf of companies support aligned authentication? That
> means custom SPF domains and custom DKIM signatures.
>
> And if they can’t, then do we make a different recommendation regarding
> spoofed mail that evades a company’s DMARC policy?
+1 to this question. It's entirely unclear to ESPs whether they're allowed to
spoof a domain that has no DMARC policy. ESPs can furthermore conclude that
Domain Owners who publish p=reject|quarantine are violating DMARCbis, and
subsequentlly the domain's policy declaration is invalid, and can be ignored.
Jesse
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc