[dmarc-discuss] DMARC thwarted already?

Franck Martin fmartin at linkedin.com
Thu Jun 5 16:59:43 PDT 2014


On Jun 5, 2014, at 4:22 PM, Terry Zink via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:

> Doesn’t this come back to the whitelist idea? For the green bar SSL certs (Extended Validation), the certs have a bunch of information encoded in it, and the browsers have a list of CA’s that they trust. AFAIK, the only way to do that for email is through DKIM but you wouldn’t highlight all DKIM-signed email, only DKIM-signed email that you trust which is compared against a whitelist.
>  
> -- Terry
>  
You could just show the domain in green on the MUA, to show that this email is successfully DMARC authenticated by the domain and the domain as strong DMARC policies (p=reject). I feel it should show the UTF8 version as well as the puny code version….

No need of a CA.

Spammers could use DMARC too, but it is about authentication/attribution not about reputation.

It seems to me the DMARC spec, should contain strong advice to MUA. MUA developers do read RFCs, otherwise they would never have done POP/IMAP...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20140605/0f666e3e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20140605/0f666e3e/attachment.bin>


More information about the dmarc-discuss mailing list