On 17.10.17 19:07, Gary wrote: > https://cyber.dhs.gov/ > Binding Operational Directive 18-01 enforces some basic email > security, notably with DMARC set to reject.
Interesting choice of words there. DMARC [...] tells a recipient what the domain owner would like done with the message. True so far. The next sentence however is Setting a DMARC policy of “reject” provides the strongest protection against spoofed email, ensuring that unauthenticated messages are rejected at the mail server, even before delivery. "Would like" a message to be rejected of course does not "ensure" this actually happens. That's a bad way to phrase an official US government statement. The recipient alone decides, if he even supports DMARC in the first place. -Ralph
