[dmarc-discuss] A bit quiet?
shalf at CheshireEng.com
Tue Oct 27 11:28:00 PDT 2015
> Nothin' for nothin', but this seems like an awful lot of mechanism for
> a pretty low-value piece of data, and if I'm reading you right the
> people who have to implement this (at least mailing list operators)
> need to do this so that someone _else's_ use of DMARC works, right?
I think from the receiving mail system's point of view, a solid identification the intermediaries is _not_ low value. They are faced with customer dissatisfaction if they mis-classify messages in either direction, but especially if they put valued messages in quarantine.
From the list manager's point of view the value proposition is similar, I think. They too are faced with customer dissatisfaction when list messages aren't delivered (and many list members seem prone to blame the list first, before looking in their "junk" folder). And in some sense the list managers have less work to do as it is all mechanism - no reputation system and associated database to maintain. Ideally the list manager need only plug in an implementation that someone else developed (or close to it).
Of course, in both those cases the value is predicated on the assumption that the mechanism will prove effective. Hopefully the early adopters will prove that out quickly.
> It seems that the wrong party needs to do some work in this model.
I've always felt that DMARC was putting the burden on the wrong parties, at least when applied to end-user email services like Yahoo Mail or Gmail. With commercial email, the bank notices and other customer communications which wouldn't normally be routed into a list service anyway, DMARC stands fine on its own, and p=reject has real meaning with no need for a reputation system to decide if local policy should override it. Scarcely any need even to care about content evaluation in those cases, since the bad is entirely on the known originator.
But it got complicated real fast when someone thought that DMARC might apply to email service delivery as well.
More information about the dmarc-discuss