On 04/08/2014 12:46 AM, Barney Wolff wrote:
On the other hand, neither the DMARC spec nor implementations
contemplate coping with mailing lists, which makes it all but
impossible for DMARC ever to be used in practice to reject messages.
This is not true. In particular, the DMARC spec provides a policy
override mechanism and even enumerates possible PolicyOverrideType
codes, notably including mailing_list. A non-zero number of
implementations is making use of this.
On the third hand, it's not clear what DMARC could do to identify an
email that legitimately passed through a list exploder, or even a
forwarding alias.
This is certainly possible, what a receiver is looking for is SMTP
sources that
* are large enough for statistical analysis
* have a vanishingly low complaint/spam rate
* have authentication failures for a large number of domains
* have been this way for an extended period, ideally years.
It may be beyond reach for smaller receivers, obviously, and can't be
used to identify very small forwarders/MLMs.
- Roland
--
Roland Turner | Director, Labs
TrustSphere Pte Ltd | 3 Phillip Street #13-03, Singapore 048693
Mobile: +65 96700022 | Skype: roland.turner
[email protected] | http://www.trustsphere.com/
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
