[dmarc-discuss] On Inbound DMARC Support

John Levine johnl at taugh.com
Thu Jun 19 08:22:46 PDT 2014


>> Nothing personal, but like 99.9% of the people in the world, I care
>> nothing about your brand.
>
>Which has no bearing on whether or not inbound DMARC filtering should be
>considered for corporate infrastructure.

The point of DMARC is for mailbox operators to defend their own users.
If their users are suffering from the kind of stuff that DMARC deters,
they should use it, unrelated to what any outsiders want.  I discard
unsigned paypal.com mail because it keeps phish out of my users'
mailboxes, not because it makes Paypal happy.

> Like 99.9% of the people in the
>world, you and I would never see the use of DMARC in these B2B cases.
>But if it can help put any dent whatsoever in the endless stream of
>corporate data breaches, for example, I think it's a net benefit for
>consumers.

How can DMARC prevent breaches?  At most we've seen it defend
imperfectly against the consequences a very specific and unusual kind
of breach in which they stole address books of individual mail users.
For the typical breach of financial information, it's irrelevant.

R's,
John


More information about the dmarc-discuss mailing list