GMail just sent my vaccine appointment information to spam.
It looks like the folks sending vaccine emails haven't set up DMARC.
14
45
310
Conversation
I'm not 100% sure how to read it as a recipient, but I believe it's just not set up. (DKIM is noted as passing, for example.)
1
4
That's fair - it's tricky to keep up with all the email auth standards. As someone who works a lot with auth and delivery, I'd probably place more blame on Gmail's side - there may come a time when lack of DMARC is likely to result in filtering, but that day is not today.
1
6
I wouldn't think it an automatic fail by any means, but I could see it being a factor. Regardless, a mass vax site registration organization should have all their i's cross and t's dotted.
2
2
Yes. But at the same time, I think the people who work on email auth standards could think a bit more about the complexity they introduce, since more complexity means it's harder for small orgs to do auth "right".
1
2
If they don't have DMARC, it's possible their domain is being spoofed for spam emails resulting in it having a bad reputation. It's possible that an enforcing DMARC policy is used as a heuristic but I doubt not having one really results in a much of a penalty.
2
1
Gmail itself doesn't have an enforcing DMARC policy. It doesn't have DNSSEC so you can't get authenticated MX, DKIM, SPF and DMARC records.
They only support authenticated encryption via an MTA-STS policy with 1 day expiry. It's hardly the example of email security people claim.