[dmarc-discuss] Discussion mailing lists - a reality check

Murray Kucherawy msk at fb.com
Sat Jun 23 23:17:22 PDT 2012

On 6/23/12 7:16 PM, "Jim Popovitch" <jimpop at gmail.com> wrote:
>Don't forget, DMARC (less than a 6 months ago) was heavily marketed as
>the end-all-be-all to phishing (some reports even said SPAM!) emails.
>I'm sure there are some CEO subscribers ready to mandate DMARC and
>layoff 1/2 their inbound policy teams...   DMARC oversold itself,
>intentionally or not.  You can bet there are plenty of businesses and
>governmental offices that will throw up DMARC records asap without
>knowing a thing about only doing it for a specific set of
>transacational emails (btw, recall that mailinglists themselves do
>have some transactional emails, i.e. password reminders, subscription
>verification).   If you are really serious about limiting DMARC
>rollout, put it up in big red letters on dmarc.org, otherwise don't
>get in the way of people who are identifying problems and discussing

We (the DKIM working group at IETF) wrote an RFC that talks about DKIM and
ADSP in the context of mailing lists.  It's RFC6377.  I suspect a lot of
those issues apply to DMARC as well.  Perhaps a reference to that RFC in
our document, with some surrounding text specifically calling out the
transactional email issue, would be appropriate.



More information about the dmarc-discuss mailing list