[dmarc-discuss] DMARC thwarted already?

J. Gomez jgomez at seryrich.com
Thu Jun 5 13:40:59 PDT 2014


On Thursday, June 05, 2014 7:37 PM [GMT+1=CET], Les Barstow via dmarc-discuss wrote:

> I missed a few buy-in requirements for a full fix: updating a
> significant portion of the MUA user base, and updating installed
> mailing list and MTA software. (I.e buy-in from the Internet e-mail
> admin and user community.)   
> 
> -----Original Message-----
> From: Les Barstow
> Sent: Thursday, June 05, 2014 11:34 AM
> To: dmarc-discuss at dmarc.org
> Subject: RE: [dmarc-discuss] DMARC thwarted already?
> 
> Straightening it out "the right way" probably involves some
> combination of revisiting the definitions of the various From/Sender
> fields, compliance to those definitions within the DMARC spec, some
> kind of resender resign mechanism, and buy-in from MUA, mailing list,
> and MTA software providers.

I, for one, am not buying-in into it.
 
What you are proposing already exists, essentially it is called X.400 Message Handling System. It was tried, and ultimately did not stick.
 
Going back on topic, though: phishing through the description in the Header-From is not what DMARC protects against, the spec says so explicitly.

Regards,
J.Gomez




More information about the dmarc-discuss mailing list