On Mar 28, 2013, at 5:36 PM, Al Iverson <[email protected]> wrote: > On Thu, Mar 28, 2013 at 4:18 PM, J. Gomez <[email protected]> wrote: >> Will DMARC make it hard for outsourced marketing mail operations? >> >> I just got this email (which is not spam, I subscribed to this marketing >> material) in which RFC5321.MailFrom and RFC5322.From are obviously not in >> allignment, which is understandable as the sending party (the outsourced >> marketing company) will want to handle themselves the bounces for that email >> campaign, but nontheless the RFC5322.From address has to be a subdomain of >> microsoft.com to give it "authenticity" in the eyes of the final recipient >> as it's the RFC5322.From address what the recipient's MUA will display to >> the user. > > Hard? From a technical perspective, no. There are other challenges, though. > - DMARC is new, not everybody knows about it or is prepared to, or > knowledgeable enough to implement it. > - The outsource provider (hi!) is typically dealing with (only) > marketing people at the client. This is not the DMARC-savvy > department. It's hard to make the case to the marketing people from > outside. What works better is that the security people inside the > client organization drive it home sideways, then we help to implement > it. > - Adjusting the configuration on the outsource provider side isn't > hard. But the client is in the driver's seat, not the provider. The > client would need to choose to put some proper bits in DNS to allow a > DKIM signature that properly aligns with the PRA, then request that > the provider update this configuration.
Hi J. Gomez, Adding to Al's list, I'd add "Yes". There are quite a few outsourced marketing email providers that serve customers that do not have the ability or desire to go mucking with DNS to "do it right". Serving those customers is hard because they really want their domain in the "From:" header, and until registrar and email service providers partner to make it easier, DMARC will likely remain beyond the reach of said customers. Back to your example, though. A large company that wants DMARC would likely delegate sub-domains for outsourced marketing providers to manage themselves. As Al said, controls that can be applied at the email domain level are relatively new, and getting organizations to incorporate this into their practices takes time (and effort!). HTH, =- Tim _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
