[dmarc-discuss] Discussion mailing lists - a reality check

Murray Kucherawy msk at fb.com
Sat Jun 23 23:17:22 PDT 2012


On 6/23/12 7:16 PM, "Jim Popovitch" <jimpop at gmail.com> wrote:
>Don't forget, DMARC (less than a 6 months ago) was heavily marketed as
>the end-all-be-all to phishing (some reports even said SPAM!) emails.
>I'm sure there are some CEO subscribers ready to mandate DMARC and
>layoff 1/2 their inbound policy teams...   DMARC oversold itself,
>intentionally or not.  You can bet there are plenty of businesses and
>governmental offices that will throw up DMARC records asap without
>knowing a thing about only doing it for a specific set of
>transacational emails (btw, recall that mailinglists themselves do
>have some transactional emails, i.e. password reminders, subscription
>verification).   If you are really serious about limiting DMARC
>rollout, put it up in big red letters on dmarc.org, otherwise don't
>get in the way of people who are identifying problems and discussing
>solutions.
>
>

We (the DKIM working group at IETF) wrote an RFC that talks about DKIM and
ADSP in the context of mailing lists.  It's RFC6377.  I suspect a lot of
those issues apply to DMARC as well.  Perhaps a reference to that RFC in
our document, with some surrounding text specifically calling out the
transactional email issue, would be appropriate.

-MSK

>




More information about the dmarc-discuss mailing list