It appears that Jesse Thompson <[email protected]> said:
>On Mon, Apr 17, 2023, at 8:37 AM, Laura Atkins wrote:
>> Should the IETF make the interoperability recommendation that SaaS providers
>> who send mail on behalf of companies support aligned authentication? That
>> means custom SPF domains and custom DKIM signatures.
>>
>> And if they can’t, then do we make a different recommendation regarding
>> spoofed mail that evades a company’s DMARC policy?
>
>+1 to this question. It's entirely unclear to ESPs whether they're allowed to
>spoof a domain that has no DMARC policy. ESPs can furthermore conclude that
>Domain Owners who publish p=reject|quarantine are violating DMARCbis, and
>subsequently the domain's policy declaration is invalid, and can be ignored.

Please see my previous comment about trying to enumerate every dumb thing
people might do. I very strenuously do not want us trying to guess how ESPs
think nor offering them advice beyond the interop advice we offer everyone
else.

In this specific case, if the company publishes p=reject, and they hire an
ESP, and the company is too inept to figure out how to let the ESP send
aligned mail, well, yeah, then the company's actual policy is clearly not
their published policy, and the ESP can do whatever it wants.

So let's not go there.

R's,
John

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
