[dmarc-discuss] MLM and Header-From rewriting - the SMTP open-relay analogy

Shal Farley shal at roadrunner.com
Sat Jun 7 13:14:47 PDT 2014


> Except, as I and others have discovered in the past few days, DMARC does 
> NOT make email "so much more secure," as phishers and spammers have 
> already found workarounds to continue their assault.

It can't by itself, no. It needs to be used together with some means to knock out the look-alike domains. Such as an address-book filter, or a reputation-based filter. But that puts us back into the arguments about the value of anything that relies on user behavior, including the need to patrol a Spam folder for the inevitable false-positives.

> So all DMARC has accomplished is to inconvenience large, distributed 
> communities of legitimate mail forwarders such as mailing lists ...

And the email users that rely on them.

> ... with no long term benefit.

I'm not so pessimistic as to think that there will be no long term benefit. I just can't imagine any way to effectively obtain that benefit without involving the receiving MUA and its users.

-- Shal

