[dmarc-discuss] MLM and Header-From rewritting - the SMTPopen-relay analogy
shal at roadrunner.com
Sat Jun 7 13:14:47 PDT 2014
> Except, as I and others have discovered in the past few days, DMARC does
> NOT make email "so much more secure, as phishers and spammers have
> already found workarounds to continue their assault.
It can't by itself, no. It needs to be used together with some means to knock out the look-alike domains. Such as an address-book filter, or a reputation-based filter. But that puts us back into the arguments about the value of anything that relies on user behavior, including the need to patrol a Spam folder for the inevitable false-positives.
> So all DMARC has accomplished is to inconvenience large, distributed
> communities of legitimate mail forwarders such as mailing lists ...
And the email users that rely on them.
> ... with no long term benefit.
I'm not so pessimistic as to think that there will be no long term benefit. I just can't imagine any way to effectively obtain that benefit without involving the receiving MUA and its users.
More information about the dmarc-discuss