[dmarc-discuss] How does *this* mailing list interact with dmarc?

Murray Kucherawy msk at fb.com
Sat Jun 23 23:04:13 PDT 2012


On 6/23/12 5:16 AM, "Steven Chamberlain" <steven at pyro.eu.org> wrote:
>Or else a phisher who imitates a listserver, must sign the fake
>"forwarded" mail with a DKIM signature that ties it to a domain under
>their control, which makes it more easily blacklisted.

Doesn't that model still suffer from the fact that the imitator can just
change domains frequently, which basically renders the blacklist
ineffective?

>
>> Moreover, are those streams (forwarded mail, stuff that goes through
>> lists) really part of the threat model we're trying to address here?  I
>> don't think they are.
>
>Not directly, but I believe their existence forces a compromise that
>weakens DMARC as a whole:  more senders must resort to p=none, and/or
>receivers must give less weight to p=reject.  The reason I brought this
>up :)
>

The logic there ultimately follows what we learned from ADSP and SPF's
"-all": Don't set "p=reject" unless you're talking about a domain that
only ever sends transactional mail, i.e., not traffic that would typically
go to lists or be forwarded.

-MSK

>




More information about the dmarc-discuss mailing list