>I'm staring at this and not understanding how the two are all that >different. They both seek to ensure that a DMARC evaluation can be done on >the From: domain, and thus both seek to ensure that the From: that lands in >the inbox can be trusted by end users to be valid.
Now, wait a minute. DMARC can tell you that a message is probably not a phish with an exact match From: domain, but it can't tell you that a return address is "valid" for any but the most uselessly nitpicky definition of valid. (Consider a message From: [email protected], with SPF that makes DMARC p=reject happy.) One can conclude with great confidence that a From: domain that doesn't exist is not an exact match phish of anything, which tells me that it's none of DMARC's business. Also, as others have observed, there are plenty of reasons one might reject a message before doing DMARC validation (Spamhaus DROP, say) and it does not seem productive to attempt to compile a list of them. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
