On 10/22/20 12:25 PM, Viktor Dukhovni wrote:
>> On Oct 22, 2020, at 2:11 PM, Demi M. Obenour <demioben...@gmail.com> wrote:
>>
>> I know :(
>>
>> This is really a security hole in gmail.  Given the popularity of
>> gmail, however, I seriously suggest somehow treating gmail as if it
>> had p=reject, as it should.
> No, it should not have "p=reject"; that's only for sites that only send
> "transactional" email.  And lack of DMARC is not a "security hole".

"p=quarantine" might be a better choice, but I do consider lack of
DMARC to be a security hole.  I certainly don't want someone to be
able to forge mail that claims to be from me.  There are all sorts of
nasty social engineering attacks someone could do with that ability,
many of which have real-world consequences.

Demi
