On 03/30/2013 07:03 PM, John Levine wrote:
I hope some solution to this problem with mailing lists is found.
On further consideration, there are some straightforward fixes that
puts the work where it belongs and avoids causing damage to third
parties;
a) Implement p=reject by discarding mail rather than SMTP rejects. That's
what we did in ADSP. You still run the risk of losing mail your users want,
but that's between you and them, and it's inherent in any scheme like this.
b) If a mail system implements p=reject on incoming mail by SMTP
rejects, it MUST first identify sources of mailing list and other
"friendly" forwarded mail and not apply DMARC to them. This appears
to be what Google does.
c) Since the number of domains subject to active phishing is relatively
small, just do p=reject for those. This is roughly what Facebook does,
although I think they flip the list the other way, a list of DMARC to
ignore.
Regarding b) and c): if the companies that took the initiative to launch
DMARC use various techniques themselves to prevent collateral damage,
they should publish those techniques to the community.
/rolf
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
