[dmarc-discuss] DMARC thwarted already?
tzink at exchange.microsoft.com
Thu Jun 5 16:22:08 PDT 2014
Doesn’t this come back to the whitelist idea? For the green bar SSL certs (Extended Validation), the certs have a bunch of information encoded in it, and the browsers have a list of CA’s that they trust. AFAIK, the only way to do that for email is through DKIM but you wouldn’t highlight all DKIM-signed email, only DKIM-signed email that you trust which is compared against a whitelist.
From: dmarc-discuss [mailto:dmarc-discuss-bounces at dmarc.org] On Behalf Of Murray S. Kucherawy via dmarc-discuss
Sent: Thursday, June 5, 2014 4:09 PM
To: John Levine
Cc: dmarc-discuss at dmarc.org<mailto:dmarc-discuss at dmarc.org>
Subject: Re: [dmarc-discuss] DMARC thwarted already?
On Thu, Jun 5, 2014 at 3:34 PM, John Levine via dmarc-discuss <dmarc-discuss at dmarc.org<mailto:dmarc-discuss at dmarc.org>> wrote:
We might, but we probably wouldn't, since there's no reason to assume
that typical users understand the security implications of mail
addresses and domain names. Also, considering that there is
approximately an infinite number of ways to write something that looks
sort of like some other thing that people are expecting, this approach
is bailing the ocean with a sieve.
It might work better to flip things around and try highlighting the
good stuff. Green bar SSL certs are an example of this approach.
+1 here too. As another data point, we long ago abandoned the idea of using DKIM to identify undesirable content outright and instead focused on using it to identify good stuff. That seems to be a much more productive discussion.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dmarc-discuss