Re: [Mailman-Developers] Two more DMARC mitigations
Jim Popovitch writes:
> What changed that you object to?
> One of the original __High-Level Goals__ was:
> DMARC is intended to reduce the success of attackers sending mail pretending to be from a domain they do not control, with minimal changes to existing mail handling at both senders and receivers. It is particularly intended to protect transactional email, as opposed to mail between individuals.
Actually, that word wasn't present in Murray's original -00 draft, and was added in two places (along with a definition in terms of "business transactions") in the -01 draft at the same time Ms Zwicky was added as editor, in July '13. :-P According to Chrome's search function, all three uses are still present in the current (April '14) draft (in section 1.2 "Anti-Phishing" and section 2.1 "High-Level Goals" (which contains exactly the text quoted above)).
Based on what I've seen on dmarc@, the word "transactional" has controversial connotations besides ruling out Yahoo!'s use case. The problem is that Yahoo!'s problem ("acquaintance-recommended spam") is a genuine problem, and could be addressed by DMARC "p=reject" if only Yahoo! users would stop posting to mailing lists. :-) It's not just business uses.
Although Elizabeth and I aren't on good terms at the moment because of a difference of opinion about Yahoo!'s behavior, I haven't seen anything from her that would indicate that she thinks "p=reject" is a *good* idea ... except that at the moment it's their *only* idea. :-(
Steve
participants (1): Stephen J. Turnbull