[dmarc-discuss] Is DMARC the right place for SMTP-TLS policy and reporting?

Craig Spiezle craigs at otalliance.org
Wed Jun 20 13:18:23 PDT 2012

If you are looking for adoption data of SPF & DKIM see the attached



From: dmarc-discuss-bounces at blackops.org
[mailto:dmarc-discuss-bounces at blackops.org] On Behalf Of Chris Lamont
Sent: Wednesday, June 20, 2012 12:08 PM
To: Murray Kucherawy
Cc: dmarc-discuss at dmarc.org
Subject: Re: [dmarc-discuss] Is DMARC the right place for SMTP-TLS policy
and reporting?


Agreed, for the scenarios we outlined TLS is comparable to SPF for
Authentication.  SPF is easier, and it is more broadly adopted for the
purposes of message authentication.  

True, shared IP situations will use a VPN to connect to the central MTA.


Aside: Isn't a VPN using TLS under the covers?  It seems like the industry
put some Duct Tape on the RFC's to accommodate the gap TLS auth covers.
It's a heavyweight solution that is widely deployed in those situations and
is a pain to set up and maintain.   Any more thoughts I have on this is
probably is out of scope for DMARC so I'll stop here.


Ignoring the authentication part of TLS, does anyone see value in reporting
on encryption policy a.k.a. Enforced TLS?  If so, where would you suggest
such a feature live? (DMARC, something else...)





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://medusa.blackops.org/pipermail/dmarc-discuss/attachments/20120620/4fb58fad/attachment.htm>

More information about the dmarc-discuss mailing list