[dmarc-discuss] On Inbound DMARC Support
Steven M Jones
smj at crash.com
Wed Jun 18 15:42:02 PDT 2014
On 06/18/2014 08:02 AM, John Levine via dmarc-discuss wrote:
>> As a community promoting DMARC, we have an obligation to champion deployment at both ends - inbound as well as
>> outbound. A first step is to let our vendors know DMARC support is requirement.
> Um, perhaps they've heard about AOL and Yahoo and have reasonable
> concerns about losing real mail.
Ignoring the swipe at current AOL and Yahoo policies, which are not the
sole determinants of DMARC usefulness, corporate use of email comes
under a lot of constraints that don't apply when considering free
There are a lot of B2B mailstreams that represent very attractive
targets for attack - selectively or at scale. Similar to the case for
B2B use of enforced TLS, they are places where the use of DMARC could be
> Nothing personal, but like 99.9% of the people in the world, I care
> nothing about your brand.
Which has no bearing on whether or not inbound DMARC filtering should be
considered for corporate infrastructure. Like 99.9% of the people in the
world, you and I would never see the use of DMARC in these B2B cases.
But if it can help put any dent whatsoever in the endless stream of
corporate data breaches, for example, I think it's a net benefit for
More information about the dmarc-discuss