[dmarc-discuss] On Inbound DMARC Support
gar at cis.uab.edu
Thu Jun 19 11:50:44 PDT 2014
On Jun 19, 2014, at 11:22 AM, John Levine via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:
> The point of DMARC is for mailbox operators to defend their own users.
> If their users are suffering from the kind of stuff that DMARC deters,
> they should use it, unrelated to what any outsiders want. I discard
> unsigned paypal.com mail because it keeps phish out of my users'
> mailboxes, not because it makes Paypal happy.
Well said!!! This is also why we need to have commercially available tools for me to scrub email bound into my organization because it is likely fraud and potentially malicious. Ideally, it should be implemented near the end of your rule chain, so we don't have to waste DMARC resources blocking Viagra spam (which on a daily basis is the most likely thing you will see, based on the spamming botnets using From addresses they harvest from victim inboxes).
So, while Paypal (the example John used) can certainly evaluate their DMARC-rejected or notified emails to find and shut down phishing sites, if I am a corporate IT director, CISO, or general network defender, my primary desire is to be able to scrub my inbound stream to help protect my users. As a good corporate citizen, though, I would also want to reject back to Paypal, because termination of the offending resource also helps protect other users.