[dmarc-discuss] MLM and Header-From rewritting - the SMTPopen-relay analogy

Dave Crocker dhc at dcrocker.net
Sat Jun 7 06:35:09 PDT 2014


On 6/7/2014 3:24 PM, Larry Finch via dmarc-discuss wrote:
> 
> Except, as I and others have discovered in the past few days, DMARC does
> NOT make email "so much more secure,” as phishers and spammers have
> already found workarounds to continue their assault. So all DMARC has
> accomplished is to inconvenience large, distributed communities of
> legitimate mail forwarders such as mailing lists with no long term benefit.


I hope there was nothing in my note that seemed to comment on dmarc
efficacy, one way or the other.  I was trying only to comment on the
differences in the nature of open-relay vs. dmarc analysis.

The question of dmarc work-arounds raises the basic question of
short-term vs. long-term.

The paradigm change being imposed is a long-term effect.  If, in fact,
the benefits are really only short-term, that's an extremely expensive
cost for a brief improvement.

Arguably, the mechanisms being put in place to make mailing list
participation work for authors of p=reject dmarc domains essentially
provide a road-map for abusers to follow.  That would, indeed, seem to
make real dmarc benefits rather short-lived.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net


More information about the dmarc-discuss mailing list