Am 10.06.2014 05:53, schrieb Franck Martin:
This is not correct. I think it is strange to claim that yahoo or aol, being a co-creator of DMARC and having outstanding engineers in the profession do not know what they are doing.
I think that those (co-)creators of DMARC must be different people then those who set the policy. In most documentations there is a warning about setting p=reject too fast. You should start with a few percent of p=quarantaine and slowly rise it to 100%, then do the same with p=reject, start with 10% and slowly rise it to 100%. So, why did e.g. Yahoo jump from p=none directly to p=reject?
Because of the monitoring mode, when you move to p=reject, with all the aggregate reports, you know exactly how much mail you will loose. As you take control of your email streams it becomes a sweet point where fixing exact domain spoofing is more interesting than losing some emails. Your mileage may vary.
Yes, but you don't have to set p=reject to know how much mail you would loose. That's what p=none monitoring mode is for. And if you see that you will loose many mails from mailing lists, it is not wise to change your policy to p=reject without fixing those problems first.
DKIM and SPF do not have a reporting to the sender to tell them how many emails were blocked/rejected. DKIM does not have a policy method, only SPF. So as a sender with SPF -all you have no idea how many emails are blocked, very few are willing to take that risk. With DMARC, you know exactly which emails are getting blocked/rejected.
DKIM also had a policy method: ADSP. But it wasn't widely implemented and is now the RFC status is now "historic". So maybe DMARC is then new ADSP for DKIM? And yes, you are right, it's a huge improvement to have a reporting method. At least if postmasters do care about the reports before changing to a strict policy.
AFAIK even Google doesn't reject p=reject any longer. Instead they move those mails into the Spam folder now.
So again, I think it would be nice to have the DMARC policy results as another criteria for SpamAssassin to decide if a mail is Spam or not.
-- Christian Laußat https://kvm.laussat.info/
