by Spunkie
570 days ago
This had to be one of the most useless updates on an internet standard I've seen. It seems like changes for changes' sake and solves practically nothing DMARC actually needs fixed.

> Since most organisations are going to use p=reject anyway, a provision for receiving mail servers was added, so that an email isn’t rejected and instead only quarantined if there are signs that the message was forwarded or is coming from a mailing list.

Are you fucking kidding me?

The draft says:
> It is therefore critical that Mail Receivers *MUST NOT* reject incoming messages solely on the basis of a "p=reject" policy by the sending domain. Mail Receivers must use the DMARC policy as part of their disposition decision, along with other knowledge and analysis. "Other knowledge and analysis" here might refer to observed sending patterns for properly-authenticated mail using the sending domain, content filtering, etc. In the absence of other knowledge and analysis, Mail Receivers *MUST* treat such failing mail as if the policy were "p=quarantine" rather than "p=reject".
So basically `p=reject` doesn't actually mean reject anymore and receivers should instead treat it as quarantine by default.
The document then goes on by saying "nobody will listen to us anyway", which is an interesting thing to read in what will be a Proposed Standard:
> In practice, despite this advice, few Mail Receivers apply any mitigation techniques when receiving indirect mail flows, few organizations consider the effect of DMARC policies on their users' indirect mail, and it is unlikely that any advice in this document will change that.