Scammers set up domains with instructions to ignore email security failures on their emails via a DMARC record and Google et al. deliver their obvious dangerous spam to you. I thought, “how stupid” to create a security system so easily disabled.
But, I realize it was NEVER designed to protect YOU from spam. It has ONE purpose. Protect corporations from being spoofed. Period. They set their DMARC to reject or quarantine emails from their domains that fail security. It works perfectly for this and ONLY this. They are protected. You, not so much, but you are not their concern.
It could have been easily expanded to kill spam by not allowing the checks to be ignored, but why should they? They are protected. Common attitude today by too many people.
Am I wrong?
#CyberSecurity #EmailSecurity
Yes, when setting up their own domain they can as well set the dmarc policy to reject and add valid spf and dkim records. They also do this sometimes.