[dmarc-discuss] How does *this* mailing list interact with dmarc?

Murray Kucherawy msk at fb.com
Fri Jun 22 13:12:42 PDT 2012


That doesn't work unless you establish beforehand how each sender will use
"i=".  That problem alone means nobody's using it for this.

On 6/22/12 9:01 AM, "Franck Martin" <fmartin at linkedin.com> wrote:

>You can't use s= but may be you could use i= in combination with d= to
>build a reputation scheme.
>
>On Jun 22, 2012, at 6:30 AM, Brian Corrigan wrote:
>
>> Forgive the new guy...
>> 
>> One feature of DKIM that seems very interesting (and potentially
>> applicable) is the ability to divide the key namespace up using
>> selectors. If I understand correctly, wouldn't this address many of
>> the problems being discussed here?
>> 
>> For example, in the case of a single (.edu?) domain that sends both
>> transactional and user-generated emails, isn't it possible to use a
>> separate key for each message type?
>> 
>> For that matter, if you used a key per user (granted, this would be a
>> *lot* of keys) you could verify not only that the message originated
>> from a specific domain, but from a specific user on that domain.  On
>> the issue of mail forwarding agents, conceptually, wouldn't using per
>> user keys solve the issue?
>> 
>> Finally, maybe a more practical approach is to have an arbitrarily
>> large number of keys and just use a random one each time you sign.
>> 
>> Cheers,
>> Brian
>> 
>> 
>> On Wed, Jun 20, 2012 at 11:24 PM, John Levine <johnl at taugh.com> wrote:
>>>> Anyhow this "alias" forwarding break DKIM is common on many other
>>>>platforms/configs and DMARC points where.
>>>> 
>>>> How can we help?
>>> 
>>> Encourage those systems to sign their outgoing mail so recipients can
>>> develop a reputation for them.
>>> 
>>> DMARC is not a FUSSP.  It is useful for a small but significant part
>>> of the mail ecosystem for domains where all the mail comes from a
>>> known, controlled set of hosts, and a lot of phishing is targeted at
>>> them.  None of the other anti-spam and reputation techniques are going
>>> away, and DMARC isn't a substitute for them.
>>> 
>>> R's,
>>> John
>>> _______________________________________________
>>> dmarc-discuss mailing list
>>> dmarc-discuss at dmarc.org
>>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>>> 
>>> NOTE: Participating in this list means you agree to the DMARC Note
>>>Well terms (http://www.dmarc.org/note_well.html)
>> 
>> _______________________________________________
>> dmarc-discuss mailing list
>> dmarc-discuss at dmarc.org
>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>> 
>> NOTE: Participating in this list means you agree to the DMARC Note Well
>>terms (http://www.dmarc.org/note_well.html)
>
>
>_______________________________________________
>dmarc-discuss mailing list
>dmarc-discuss at dmarc.org
>http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
>NOTE: Participating in this list means you agree to the DMARC Note Well
>terms (http://www.dmarc.org/note_well.html)




More information about the dmarc-discuss mailing list