On 05/21/16 16:33, list...@tutanota.com wrote: > > > Case in point: My own domain's outgoing mail flows are 100% DMARC > compliant. Yet 94% of my endpoint mail *deliveries* fail DMARC, because > they go through forwarders that are dropping DMARC, DKIM, SPF, or all > three on the floor. > > > > Then I think your DMARC policy would be incorrect, right? > > If your policy says "reject if fail" but you choose to send to and > through forwarders that fail then that is for sure your choice & > responsibility, right?
That's why my policy is report-only until I can get all of the forwarders in between to become DMARC compliant. My point stands: Making DMARC failure an automatic reject is a sound policy only if you're OK with losing legitimate mail because it passed through a forwarder who hasn't implemented DMARC yet. -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: 603.293.8485
