[dmarc-discuss] How does *this* mailing list interact with dmarc?

Brian Corrigan bcorrigan at majorleaguegaming.com
Fri Jun 22 12:07:18 PDT 2012


I get it, but really, this is an implementation issue for basically
every "average joe" user.  For instance, every single company that
uses google apps and has a single user that subscribes to a mailman
mailing list wouldn't be able to put their domain into reject mode.

I get the issues, but tech aside, its frustrating that we can't work
around this somehow.  Its going to prohibit widespread deployment of
DMARC.

Just speaking personally, phishing is a really expensive problem for
us.  (I understand this is exponentially more expensive for most of
you).  I guess we can split up our mail domains, but most companies
won't do this.

I'm a huge fan of the spec, I would love to see be a part of everyones
mail deployment.  It would be great if we could fix this.
Particularly if the spec has enough room to be extended to cover the
issue.  Why not at least make it *possible* to address this?


On Fri, Jun 22, 2012 at 2:50 PM, Franck Martin <fmartin at linkedin.com> wrote:
> A lot of people have split their domain. We have not.
>
> But also I noticed in large organizations, people tend to use a persona/genericl domain to subscribe to mailing lists than to use their company domain, like you do Al.
>
> So there is really no issue... :P
> ________________________________________
> From: dmarc-discuss-bounces at blackops.org [dmarc-discuss-bounces at blackops.org] on behalf of Brian Corrigan [bcorrigan at majorleaguegaming.com]
> Sent: Friday, June 22, 2012 11:40 AM
> To: Al Iverson
> Cc: <dmarc-discuss at dmarc.org>
> Subject: Re: [dmarc-discuss] How does *this* mailing list interact with dmarc?
>
> So it follow then that for practical reasons, companies that share a
> domain between users and transactional messages (which has got to be
> most companies) will never be able to move into quarantine or reject
> mode?
>
> I've been doing a lot of work on report parsing, and while we're
> identifying about 6 phishing scams an hour (legitimate ones, I can
> only imagine what its like for a big provider) we still don't really
> have a recourse for handling them because we share a single domain for
> all our email (and I'm sure many people are a member of a few mailing
> lists, etc.).  Am I correct?
> _______________________________________________



More information about the dmarc-discuss mailing list