>The problem exists if A is publishing such a policy, B is acknowledging the policy, B is >generating a bounce, and the bounce is hitting the mailing list provider. > >I do not understand why a bounce should be generated (and not the incoming mail to B would >be tagged as spam and/or null-routed). DMARC lets you say p=reject or p=quarantine. For whatever reason, AOL and Yahoo are saying reject. Using that p=quarantine would be nearly as bad, with list mail eternally vanishing into spam folders. >That said, the result of the above is that B is unsubscribed from the mailing list due to >large number of bounces, but that is because B is recognizing the policy A is publishing. Yes, but there are complicating factors. One is that it's entirely possible to use DMARC responsibly. It's been around for a year, domains like paypal.com have published p=reject, with no problems because nobody sends real paypal.com mail via mailing lists or mail-an-article or the other stuff that is broken by DMARC reject. What changed is that two of the largest consumer mail providers had huge security breaches where crooks stole user info including their address books (both admit it, no conspiracizing needed) and used DMARC as a sledgehammer to try and mitigate the damage. I don't think anyone is opposed to mitigating damage, but these particular efforts had the predictable side effect of dumping costs on unrelated third parties which AOL and Yahoo have so far done nothing to address. Yahoo's blog admits that they are affecting 30,000 other providers, so they know this is not a trivial problem. Finally, the DMARC group includes the largest mail providers in the world (I've seen DMARC bounces from Gmail, Yahoo, Hotmail, AOL, and Comcast), who have such a large market share and so much market power that it is not realistic to exclude users at those providers and tell them to take their business elsewhere, no matter how well deserved that advice might be. R's, John