Marketing decides on DKIM and SPF ?
The problem I personally ran into as a one person IT department was that the VP of marketing had more power over me, as a manager, and that meant more to my supervisor (the CEO) than me fighting to do things as correctly as possible. I was seen as a roadblock or speed bump. So, they may not decide on DKIM and SPF, but if marketing isn’t happy then their negativity could cause push back that forces changes that may technically not be good for the company.
I’ve abandoned that role and have gone back to an IC role and I’m much happier for it.
As long as you're not breaking the law / hurting people, does the struggle really matter? The best way I've been able to make people listen to me is by just presenting them with options and results.
If you do it this hacky way - we run this risk and this bad thing can happen etc. After a few times they see the consequence of their decisions people start paying attention to you. Do it a few more and now the company will have an "institutional knowledge" that you are usually right, and even if the manager leave, you still end up like the go-to guy on how to ship.
And sometimes the marketing people might end up being correct! I've once actually battled to "do the correct thing" (way back in the day it was a ruby on rails modeling I think) and the product owner was like - just do it this hacky way I don't care ... I did it the hacky way and you know what - it was the right call - we never changed it again and the business knowledge we got from it was actually valuable.
In the end, for me personally, I give people respect for their roles and the benefit of the doubt that they're in the position for the right reasons. But when I don't get that kind of thing in return then it just pisses me off. What I realized along the way is that I don't want to be in charge of things like this, it's simply not for me, at the very least it isn't on that team. Maybe that will change with the right people but the whole thing soured me on management in general and I will avoid it like the plague.
I'm pretty bitter about it all still, but it's a combination of a lot of things beyond this particular bit I shared. All I can say is I'm glad I am no longer in that role, it was slowly killing me.
The biggest problem there is that it's a statistical gamble, and often times the damage isn't apparent for months or years later, which is plenty far enough removed from the decision that the manager isn't going to remember let alone realize "he told me so." And you reporting "I told you so" even in very easy, factual, and respectful professional language will typicall not be well received. There's also a decent chance that when the thing breaks or you get breached, you'll be blamed for it, or at least be on the defensive.
Now that said, I've worked with a lot of IT/engineering people who are pretty obstructionist to normal business operations and sometimes need to be told, "yeah, we're accepting the risk, move forward with the plan." Sometimes it's for good reasons, other times it's just our normal humanity asserting itself in different ways. It's a hard problem for sure.
Indirectly, yes. Since they don't understand the details, management just "wants it to work". So too many email admins just give up and make their sending policies as permissive as they can to account for whatever new service marketing is using at the time.
DMARC is required for BIMI, and marketing wants that logo to show up in the Gmail app next to your mail