On 02/20/2014 05:42 AM, Dorai Ashok S A wrote:
> You have a valid point here. I now understand why the receiver gives a
> reason "forwarder" and accepts the emails. I just hope it's not
> exploited to get around DMARC controls.

I meant to comment on this earlier.

DMARC appears to draw an unavoidable parallel with access control
mechanisms in the minds of Domain Owners frustrated by the abuse of
their domain names (e.g.: your first post used words like "enforce" and
"unauthorized", the latter in bold). This is perhaps unavoidable, but
things may run more smoothly if we ever come up with a way to more
accurately communicate DMARC's intention to those who encounter it for
the first time.

DMARC is best understood not as the FUSSP but as a pragmatic tool that
helps Domain Owners and receivers co-operate on an otherwise-intractable
problem; consequently it doesn't attempt to solve the entire spoofing
problem, it merely attempts to make progress on part of the problem. The
fact that the real-world email system contains situations where DMARC
can't make decisions as accurately as Domain Owners and receivers would
like (e.g. legitimate forwarders and independent senders exist and
engage in a variety of perfectly reasonable behaviours that don't mesh
well with DMARC) isn't a vulnerability in DMARC (i.e. something that can
be "exploited"), it's just a problem that DMARC doesn't purport to solve.

It is worth noting that any large-scale spoofing via a poorly-secured
forwarder or independent sender would cause most receivers to cease
exempting them from DMARC processing anyway. This difficulty is largely
self-correcting.
- Roland
--
Roland Turner | Director, Labs
TrustSphere Pte Ltd | 3 Phillip Street #13-03, Singapore 048693
Mobile: +65 96700022 | Skype: roland.turner
[email protected] | http://www.trustsphere.com/
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)