[dmarc-discuss] On Inbound DMARC Support

Steven M Jones smj at crash.com
Wed Jun 18 15:42:02 PDT 2014

On 06/18/2014 08:02 AM, John Levine via dmarc-discuss wrote:
>> As a community promoting DMARC, we have an obligation to champion deployment at both ends - inbound as well as
>> outbound.  A first step is to let our vendors know DMARC support is requirement.
> Um, perhaps they've heard about AOL and Yahoo and have reasonable
> concerns about losing real mail.

Ignoring the swipe at current AOL and Yahoo policies, which are not the
sole determinants of DMARC usefulness, corporate use of email comes
under a lot of constraints that don't apply when considering free
mailbox users.

There are a lot of B2B mailstreams that represent very attractive
targets for attack - selectively or at scale. Similar to the case for
B2B use of enforced TLS, they are places where the use of DMARC could be

> Nothing personal, but like 99.9% of the people in the world, I care
> nothing about your brand.

Which has no bearing on whether or not inbound DMARC filtering should be
considered for corporate infrastructure. Like 99.9% of the people in the
world, you and I would never see the use of DMARC in these B2B cases.
But if it can help put any dent whatsoever in the endless stream of
corporate data breaches, for example, I think it's a net benefit for


More information about the dmarc-discuss mailing list