Dominik Hoffmann writes:
P.S.: I have a stinking suspicion that the primary reason for Verizon's is not to combat spam, as stated, but to make it harder for their subscribers to be in a position where switching ISPs is easy, because they already use email addresses not tied to the ISP.
I wouldn't put it past them, but after spending a fair amount of time on both the DMARC.org list and the IETF DMARC working group list, I think that Heinlein's Maxim "Never attribute to malice that which can be adequately explained by stupidity" applies.
To be more sympathetic to the tech staff, I think telco managements vastly underestimated the cost of moving into the Internet provider space while overestimating traffic growth (their original business), and in particular did a very poor job of budgeting for staff. It was surprising to me, but few of the ISP people on those lists seemed to have either the "security mindset" or the "devops mindset". And they're understaffed, barely able to keep up with OS upgrades and integrating new hardware. They don't have resources -- training and "on call" workforce -- to keep up with malwares that morph faster than Biohazard's "T virus".
To me the bottom line is that these days if you want a specific service that works "for you" rather than "to keep the provider comfortable", you need to find somebody who provides that service, and generally you have to pay for it. I'm not current with prices in the States any more, but people are quoting $5/mo -- that's two beers a month here in Japan. To me that would be well worth it (and while I'm currently able to use my employer to connect to the Internet, they're tightening up and centralizing like some of the telco ISPs, so it's a prospect I've actually thought carefully about -- though I haven't shelled out yet. ;-)