[dmarc-discuss] DMARC thwarted already?
johnl at taugh.com
Thu Jun 5 17:00:20 PDT 2014
>Doesn’t this come back to the whitelist idea? For the green bar SSL certs (Extended
>Validation), the certs have a bunch of information encoded in it, and the browsers have a
>list of CA’s that they trust. AFAIK, the only way to do that for email is through DKIM but
>you wouldn’t highlight all DKIM-signed email, only DKIM-signed email that you trust which
>is compared against a whitelist.
Yes, definitely. See RFC 5518 for one approach.
More information about the dmarc-discuss