On Thu, Mar 28, 2013 at 4:18 PM, J. Gomez <[email protected]> wrote: > Will DMARC make it hard for outsourced marketing mail operations? > > I just got this email (which is not spam, I subscribed to this marketing > material) in which RFC5321.MailFrom and RFC5322.From are obviously not in > allignment, which is understandable as the sending party (the outsourced > marketing company) will want to handle themselves the bounces for that email > campaign, but nontheless the RFC5322.From address has to be a subdomain of > microsoft.com to give it "authenticity" in the eyes of the final recipient as > it's the RFC5322.From address what the recipient's MUA will display to the > user.
Hard? From a technical perspective, no. There are other challenges, though. - DMARC is new, not everybody knows about it or is prepared to, or knowledgeable enough to implement it. - The outsource provider (hi!) is typically dealing with (only) marketing people at the client. This is not the DMARC-savvy department. It's hard to make the case to the marketing people from outside. What works better is that the security people inside the client organization drive it home sideways, then we help to implement it. - Adjusting the configuration on the outsource provider side isn't hard. But the client is in the driver's seat, not the provider. The client would need to choose to put some proper bits in DNS to allow a DKIM signature that properly aligns with the PRA, then request that the provider update this configuration. Cheers, Al Iverson _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
