If security is good by default, no one will pay for extra security.
Most, if not all, basic/easy spam/phishing emails come from hotmail/gmail/outlook/yahoo.
Why not prevent this kind of email from leaving your infrastructure?
Block them before they can be sent. Make it impossible to change the From & Reply-To address.
Security is big money; no email provider wants to stop this kind of email.
No one can make you do something, but if you want to not do something and still act as if you are right, then you need a way around said law:
"Mail Receivers MAY choose to accept email that fails the DMARC mechanism check even if the Domain Owner has published a "reject" policy"
DMARC does not need this, because no email provider has to implement DMARC, but yet they put it in. Yes. WHY?
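The receiver-side decision that quoted clause leaves open, written out as an added Python example (not code from the original post): when a receiver uses the "MAY choose to accept" latitude on a `p=reject` domain, RFC 7489 expects the deviation to be recorded as a `policy_override` reason in the aggregate report, so the domain owner can at least see it. The function names and the minimal report fragment are my own construction.

```python
"""Receiver-side DMARC disposition, including the override RFC 7489 permits."""
from dataclasses import dataclass
from typing import Optional

# Override reasons a receiver reports in the aggregate report's
# <policy_override> element when it does not apply the published policy
# (RFC 7489, Appendix C).
OVERRIDE_REASONS = {"forwarded", "sampled_out", "trusted_forwarder",
                    "mailing_list", "local_policy", "other"}

@dataclass
class DmarcResult:
    passed: bool             # at least one aligned SPF or DKIM pass
    published: str           # p= value from the domain's DMARC record
    disposition: str         # what the receiver actually did
    override: Optional[str]  # reason the receiver deviated, or None

def evaluate_dmarc(published_policy: str, spf_aligned: bool, dkim_aligned: bool,
                   local_override: Optional[str] = None) -> DmarcResult:
    """Compute the DMARC verdict for one message.

    published_policy: 'none', 'quarantine' or 'reject' (the p= tag).
    spf_aligned / dkim_aligned: authentication passed AND the identifier is
    aligned with the RFC5322.From domain, as evaluated by the receiver.
    local_override: if set, the receiver chooses not to honour the published
    policy (the "MAY choose to accept" clause); the message is delivered but
    the deviation is recorded so the domain owner sees it in the report.
    """
    if published_policy not in ("none", "quarantine", "reject"):
        raise ValueError(f"unknown DMARC policy {published_policy!r}")
    passed = spf_aligned or dkim_aligned
    if passed:
        return DmarcResult(True, published_policy, "none", None)
    if local_override is not None:
        if local_override not in OVERRIDE_REASONS:
            raise ValueError(f"unknown override reason {local_override!r}")
        # Receiver deviates from the published policy: mail is accepted,
        # but the override reason becomes part of the aggregate report.
        return DmarcResult(False, published_policy, "none", local_override)
    return DmarcResult(False, published_policy, published_policy, None)

def policy_evaluated_fragment(r: DmarcResult, spf: bool, dkim: bool) -> str:
    """Render a minimal <policy_evaluated> fragment (constructed for illustration)."""
    reason = f"<reason><type>{r.override}</type></reason>" if r.override else ""
    return (f"<policy_evaluated><disposition>{r.disposition}</disposition>"
            f"<dkim>{'pass' if dkim else 'fail'}</dkim>"
            f"<spf>{'pass' if spf else 'fail'}</spf>{reason}</policy_evaluated>")
```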