>A good forwarder should preserve DKIM (and therefore DMARC test should pass). >My best guess is that >about 3% of mails is forwarded, maybe more for .edu.
As Franck noted, there are a lot of bad forwarders, particularly in software from Redmond WA. There is also mailing list traffic, which people actually want, as opposed to the 90% of bulk mail that they just tolerate. On this mailing list, for example, roughly 100% of the messages fail any DMARC policy. (I'm not guessing, I have statistics.) >> As suggested, no personal mail should be part of that stream >That is a conservative opinion which corresponds to ‘keeping the status quo. > A more progressive and security aware opinion is to put DMARC with p=reject > on every domain. By coincidence, I just blogged about this. See this post: http://www.circleid.com/posts/20150616_the_cycle_of_e_mail_security/ You might also want to research Kurt's background with DMARC. He knows what he's talking about. R's, John _______________________________________________ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
