It's amazing how many entities don't have proper DMARC records these days. For example, GE doesn't have a policy set. I have to deal with them on a professional level, and their mails are always getting trapped because they suck.
I've had to bitch at a few large corp entities about their non-compliant SPF records as well.
I don't think anyone cares anymore. Most of the admins are DEI anyways.
You are correct, they don't care. Although I did get one large airline to fix their crap and they now have a properly formed SPF that doesn't violate rules put into place in 2014...
I want to violate an SPF.
Holy fuck that's embarrassing for such a large company. Setting up DMARC isn't even that hard.
When I respond to people complaining about DMARC holds I always make sure to tell them it's because the sender has bad IT policies and practices.
It is. They went so far as to HAVE the record, but nothing as to what their mailserver should do when it encounters a bad mail. Japan is really bad about this too - they're high tech, but it's like they went full stop in certain areas. We get a lot of spam from that part of the world because their mailservers are wide open.
I always check using mxtoolbox and tell complainers exactly why their mail got stopped, or why they got the spam.
(post is archived)