James, that sounds like you should write an I-D "DMARC considered harmful". ;-)
Ciao, Michael. James B. Byrne wrote: > > On Sun, January 18, 2015 20:14, John wrote: >> I am not sure about implementing DMARC on my servers. >> However, is it worth adding a DMARC record to the DNS? What, if >> anything, would it buy us. > > Nothing, unless you have somebody to read the reports and the capacity > to act on them. All DMARC will tell you is if somebody else is > pretending to be you. It does, however, help protect other people > from getting fraudulently addressed email claiming to originate from > your domain. > > Services exist that will accept DMARC reports and analyse them for > you. I am not sure about the privacy and security implications of > that approach. > >> If we were to add such a record, what would be the "best" setup/set of >> parameters be? >> > > If you have people posting though mailing lists then it is likely best > that you leave DMARC policy set to none or possibly quarantine. > Reject is probably too severe to seriously consider for some time yet; > Yahoo, AOL et al. positions on the matter notwithstanding. Be aware > that Google will deliver quarantined messages to the Gmail users spam > folder. User sending mail from a quarantined DMARC domain through a > mailing list will likely have many of their messages disappear when > sent to subscribers with Gmail accounts.
smime.p7s
Description: S/MIME Cryptographic Signature
