On Tue 03/Dec/2024 22:07:01 +0100 Tero Kivinen wrote:
Alessandro Vesely writes:
Yes, and the point being? If you claim to support DMARCbis RFC after
it has been published, you need to support all MUSTs it lists.
IMHO, supporting MUSTs serves for interoperability. IOW if you don't
you won't interoperate.
Claiming to support DMARC, per se, doesn't bring any goods. And
organizations imposing to support DMARC and pushing to use p=reject
seem to be doing more damage than good.
Unfortunately there is lots of places which do say that you need to
support DMARC to be safe/secure/whatever, thus requiring other places
to implement and support DMARC. It would be good to at least have
those who are required to support DMARC to actually implement something
that is useful.
Large organizations have the power to impose DMARC. The standard way to do
that is to publish a DMARC policy record at .gov, .bank or whatever PSD they
manage.
Whether that is useful is debatable, IMHO. For DMARC to be useful everybody
should have p=reject and everybody else should honor it. However, there are
some problems to fix before getting there.
There are several web sites that test various mail protocols conformance,
including DMARC. Publishing a conformance checklist in the document is
useless, as one can simply search for "MUST" throughout the file.
Best
Ale
--
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
