[dmarc-discuss] How does *this* mailing list interact with dmarc?

Steven Chamberlain steven at pyro.eu.org
Sat Jun 23 11:07:39 PDT 2012


On 23/06/12 18:24, John Levine wrote:
> It would lead to an endless game of whack-a-mole, as
> spammers use and discard throwaway domains they already have.

That would be costly for them surely?

They would also have to keep nameservers operational to serve DKIM keys
for their spam to verify against, and their IPs would also become known.

DMARC reports would also identify (and confirm with DKIM) the domain
used by the phisher/spammer and that provides evidence to assist with
its takedown.

> have any idea how many domains registrars already turn off every day?
> It's at least in the tens of thousands.

That's great, because once a domain is 'turned off' it is unable to
validate DKIM signatures of further spam...

If the alternative was to publish a p=none policy, a spammer wouldn't
need to own/control a domain at all which is where my suggestion seemed
to be an improvement.


> And for about the three hundredth time, we already know how to handle
> mailing list mail, recognize it and whitelist it.

Whitelist it based on what, how could you check that it genuinely came
from that listserver?  Oh yeah, its MailFrom address and DKIM and/or
SPF like I said...

Mailing lists that still don't do these things would result in their
users receiving DMARC failure reports, they can take it up with
listmasters, and eventually get us to the position where list mail is
verifiable, whitelisting them is safe, and DMARC failures can be more
heavily enforced.

Regards,
-- 
Steven Chamberlain
steven at pyro.eu.org
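
The check discussed in this message, whitelisting list mail only when the listserver's own MailFrom or DKIM domain authenticated, is sketched below as an added example that is not part of the original post. It assumes the receiver's border MTA records its SPF/DKIM verdicts in an Authentication-Results header; the trusted list domain, the authserv-id and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
TRUSTED_LIST_DOMAINS = {"lists.example.org"}   # assumption: lists this receiver trusts
OUR_AUTHSERV_ID = "mx.receiver.example"        # assumption: our border MTA's authserv-id

def authenticated_domains(msg):
    """Domains that passed DKIM (header.d) or SPF (smtp.mailfrom) per our own MTA."""
    found = set()
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in header.split(";")]
        # Ignore results stamped by any other host: a sender can forge those.
        if parts[0].split()[:1] != [OUR_AUTHSERV_ID]:
            continue
        for result in parts[1:]:
            method = re.match(r"(dkim|spf)\s*=\s*pass\b", result, re.I)
            if not method:
                continue
            prop = "header.d" if method.group(1).lower() == "dkim" else "smtp.mailfrom"
            value = re.search(re.escape(prop) + r"\s*=\s*([^\s;]+)", result, re.I)
            if value:
                found.add(value.group(1).rsplit("@", 1)[-1].lower())
    return found

def is_verified_list_mail(raw_message):
    """True only if an authenticated domain is one of the trusted list domains."""
    return bool(authenticated_domains(message_from_string(raw_message)) & TRUSTED_LIST_DOMAINS)

# Constructed sample messages (not real traffic).
GENUINE = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.d=lists.example.org;
 spf=pass smtp.mailfrom=bounces@lists.example.org
List-Id: <discuss.lists.example.org>

body
"""
UNSIGNED = """\
Authentication-Results: mx.receiver.example;
 dkim=none; spf=pass smtp.mailfrom=x@throwaway.example
List-Id: <discuss.lists.example.org>

body
"""
FORGED_AR = """\
Authentication-Results: mx.attacker.example; dkim=pass header.d=lists.example.org
Authentication-Results: mx.receiver.example; dkim=none; spf=none
List-Id: <discuss.lists.example.org>

body
"""
```

A List-Id header alone is never treated as proof here: the second and third samples carry one and are still rejected because no trusted list domain authenticated.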

