[dmarc-discuss] DMARC thwarted already?
Murray S. Kucherawy
superuser at gmail.com
Thu Jun 5 16:09:18 PDT 2014
On Thu, Jun 5, 2014 at 3:34 PM, John Levine via dmarc-discuss <
dmarc-discuss at dmarc.org> wrote:
> We might, but we probably wouldn't, since there's no reason to assume
> that typical users understand the security implications of mail
> addresses and domain names. Also, considering that there is
> approximately an infinite number of ways to write something that looks
> sort of like some other thing that people are expecting, this approach
> is bailing the ocean with a sieve.
> It might work better to flip things around and try highlighting the
> good stuff. Green bar SSL certs are an example of this approach.
+1 here too. As another data point, we long ago abandoned the idea of
using DKIM to identify undesirable content outright and instead focused on
using it to identify good stuff. That seems to be a much more productive
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dmarc-discuss