[dmarc-discuss] Discussion mailing lists - a reality check

John Levine johnl at taugh.com
Sat Jun 23 21:43:53 PDT 2012


>I think you are forgetting Reputation.  It doesn't take a phished
>account.  All it takes is  legitimate emails, from a legitimate
>company (with a not well thought-out DMARC record) to be sent through
>a mailinglist.  Everyone who checks DMARC then sees the list as
>sending From: the company... and bam...

If I may repeat myself, why are you assuming that mail system managers
are both incompetent and deaf?  If they turn on DMARC and find that
they botched it and are getting users complaints about lost real mail,
do you really think that they need a kludge from us to fix it?  If the
situation is that bad, why haven't SPF -all and ADSP made mailing lists
unusable?

>Don't forget, DMARC (less than a 6 months ago) was heavily marketed as
>the end-all-be-all to phishing (some reports even said SPAM!)

So were SPF, DKIM, HELO rDNS checks, and a long list of other things
we've all forgotten.  So what?

R's,
John


More information about the dmarc-discuss mailing list