On 01.04.21 at 16:36, Marcel Becker via mailop wrote:
> On Thu, Apr 1, 2021 at 12:43 AM Hans-Martin Mosner via mailop <[email protected]> wrote:
>
> > One option that you should consider to mitigate the effects for recipients is to allow per-recipient DMARC
> > exceptions, because the recipient is the one who ultimately decides whether mail is wanted or unwanted.
>
> Recipients are the ones least able to make a decision whether a mail claiming to be from brand.com
> was really sent from brand.com. They don't even know that a mail from lookslikebrand.com
> is not legit, move it out of the spam folder and then proceed to interact with it...

Although this is often correct, it's a dangerous attitude. We might know a lot of technical things better than our users, but at the end of the day we're the ones providing a service to the users, fulfilling their needs, not the other way around. We feel we know better what's good for them, and in single instances we're most often right, but when we bake our knowledge into mail system policies we're quite often wrong.

There are some legitimate areas where protection against malicious attacks is justified, but interestingly, many really dangerous attacks would use squeaky clean SPF records, DKIM signatures and DMARC policies.

And I wasn't talking about the stupid phishing victims who insist on pulling spams out of the spam folder and click on links because they believe their bank is requesting them to fix some password issue, but about sane people who subscribe to mailing lists, forward their mail from one mailbox to another, etc. Although we might rightfully say that this is so 1990's, it's what our users use to gain real value from using e-mail.

Cheers,
Hans-Martin
