On 4/8/2014 9:13 AM, Steve Atkins wrote:
It's easy to fix mailing lists without that loss of functionality.
Block any attempt to post to a mailing list from a domain that
publishes strict DMARC. That doesn't affect functionality for
legitimate users and it complies with the domain owners
wishes (however misguided).
That's clever, and oddly constructive. It informs the user of the issue
at exactly the right time: when the subscription is being attempted and
the user is focused on the possibility of the subscription having
problems. Much better than indirect and obscure notification later,
after posting a message.
On the other hand, this has the classic problem of requiring mailing
lists to change. That is, this approach does not help anyone currently
and won't help much for a very long time, if ever.
Hmmm. Mailing lists that send confirmation messages tend to follow some
common message templates.
One could imagine the agency that is publishing DMARC putting some
effort into noticing the arrival of these verification messages and
taking some action with their user, essentially emulating what the
mailing list might be modified to do.
So, the folks who are alreay being active about the change would have to
be a bit more active and helpful.
We should also have a longer discussion of whether training
people that
From: "[email protected]" <[email protected]>
is legitimate, rather than badly done phishing, is a good idea.
And whether we'd need meta-DMARC to block mail that's
From: "[email protected]" <[email protected]>
That's on some people's "next steps" list for consideration. Getting
the details right 0-- to distinguish forms of display field that are
essentially certain to be problematic, from the infinite range of other
forms that are not -- is challenging.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
