On 03/12/2014 06:19 AM, J. Gomez wrote:
I plain reject on SPF -all, and my clients are fine with it,
Excellent! You have found a tool that works for you, you should
definitely keep using it.
Does it make sense to you that others may find other tools useful
(including ones that you don't) and therefore keep using them despite
their not being useful to you? That a tool is not [currently] useful to
you doesn't make it not useful to others.
senders are not going to go through the all trouble of learning about
DMARC, setting it up, just to end up not using p=reject to "protect"
their "precious" email domain/brand
It is interesting that you quote the words protect and precious, it
makes it look as though you don't view what heavily spoofed domain
owners are using DMARC for as protective and/or that you don't view
their domains - or their customers' money in the case of payment service
providers' customers' whom criminals frequently target - as valuable. Is
this what you intended?
My stated prediction is exactly correct, at least in terms of the
number of mailbox providers currently covered by DMARC.
DMARC's success is measured by number of mailboxes protected, not by
number of mailbox providers.
That could work: a Spamhaus.org-like service for sharing known-good DMARC
whitelisting of DMARC p=reject failure cases, based on the sending domain or,
perhaps better, on known-good mailing-lists/forwarders.
I suspect that this will happen in the not-too-distant future.
In this respect, the situation with DMARC receivers mapping competent
Domain Owners and reliable receivers is comparable to, although probably
easier than, SMTP receivers mapping abusive senders. Doing so in both
cases is clearly beyond the resources of a small receiver, but this does
not mean that either specification is useless generally, or even useless
for small receivers, only that some help on assessing the behaviour of
others is a necessary precondition for small installations.
I already did. It was summarily dismissed, though. So I tried, I did
not just complained.
http://www.ietf.org/mail-archive/web/dmarc/current/msg00167.html
You weren't summarily dismissed. Gaping holes in your proposal were
pointed out, in detail, and you didn't resolve them.
Sorry, but it IS reasonable to expect that someone who goes through
the effort of using his resources and time to find out about your
published policy, will then follow it
This is false. As with just about everything else that receivers do to
protect themselves, either directly or with the aid of others, gathering
data is performed to support a decision, not to delegate that decision
to senders (the whole point of receiver-side security systems being to
disrupt the activities of a class of hard-to-spot sender).
- Roland
--
Roland Turner | Director, Labs
TrustSphere Pte Ltd | 3 Phillip Street #13-03, Singapore 048693
Mobile: +65 96700022 | Skype: roland.turner
[email protected] | http://www.trustsphere.com/
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
