[dmarc-discuss] Is DMARC the right place for SMTP-TLS policy and reporting?
Chris Lamont Mankowski
makerofthings77 at gmail.com
Tue Jun 19 21:26:14 PDT 2012
S/MIME could be an option for some industries, but I'm a finance vertical
and we are required to have a supervisory compliance agent review our
electronic communications. (See Smarsh.com or Proofpoint Archive as an

All the comparable S/MIME solutions I looked at required a cumbersome BCC
agent mechanism that didn't consistently work across all devices. Now that
we are in the Bring Your Own Device (BYOD) world, I can't ensure that the
proper S/MIME BCC agent would be applied on iPhones, Blackberries,
Webaccess, Outlook, etc. The technical challenges are too great, and the
cost to implement is too high.

Add to that the complexity of IT operations where we have to gain the
in-house expertise in PKI private key retrieval, and key management. Users
may have many keys if they renew, or lose the private key. I don't want
to get into all the details here, but it's a technical burden on an
overworked IT staff.

Add one legal discovery operation that spans 3,000 or more individuals, and
the back loaded costs are enormous and the privacy gained just isn't worth
it. (though in non-publicly traded companies like the government the
privacy benefits may be worth the cost)

TLS is simple, analogous to a VPN and allows the business to be agile. To
be honest I don't ever see us using S/MIME even if Verisign gave us and our
peers free certificates.

On Tue, Jun 19, 2012 at 6:10 PM, John Levine <johnl at taugh.com> wrote:
> >Bottom line, I'd support a MUA indicator if DMARC policy also reflected
> >encryption requirements.
> Well, OK. We we want encryption, what's wrong with S/MIME? Unlike
> TLS, it's end to end, and is supported in most MUAs. S/MIME certs
> are basically the same as TLS certs.