[dmarc-discuss] Discussion mailing lists - a reality check

Steve Atkins steve at wordtothewise.com
Sat Jun 23 23:04:03 PDT 2012


On Jun 23, 2012, at 10:11 PM, Jim Popovitch wrote:
>> 
>>> Don't forget, DMARC (less than a 6 months ago) was heavily marketed as
>>> the end-all-be-all to phishing (some reports even said SPAM!)

No, it wasn't. Not if you read any of the press releases (well, other than one,
by one peripherally involved company that was clearly overly enthusiastic,
maybe).

>> So were SPF, DKIM, HELO rDNS checks, and a long list of other things
>> we've all forgotten.  So what?
> 
> None of those introduced failures, nor delivery problems, that weren't
> apparent to the originator or the originating system.  None of those
> introduced reputation and/or delivery problems for 3rd party delivery
> agents (mailinglists, forwarders).

Yes, they did. At least the first three you mention, anyway.

Forwarders and mailing lists are some of the most difficult activities to
deal with for authentication. While they don't make any particular form
of authentication useless, they do tend to make any use of authentication
for stopping phishing very prone to false positives.

Cheers,
  Steve


More information about the dmarc-discuss mailing list