On Jun 5, 2014, at 5:10 PM, Terry Zink <tz...@exchange.microsoft.com> wrote:
> > You could just show the domain in green on the MUA, to show that > > this email is successfully DMARC authenticated by the domain and the > > domain as strong DMARC policies (p=reject). I feel it should show the > > UTF8 version as well as the puny code version…. > > > > No need of a CA. > > If this were done then what is stopping me, as a spammer, from registering > 1inkedin.com (or something similar to another high profile target), and then > setting up DKIM and DMARC? If I send a malicious email, it would get > highlighted the same as a message from linkedin.com. That’s not what we want > when it comes to highlighting messages; we are looking for the senders that > we trust, not merely the senders that authenticate. > See the end of the email, where I argued this case… and It is hard to create a club and define the entry level which is open to all, provided they meet some requirements. Besides whoever registered 1inkedin.com and use it to misrepresent us, may have to deal with our lawyers… and I’m not a lawyer… and that would be after spamhaus and/or surbl certainly list this domain... With Web Certificates, history also shows this is about authentication, brand name recognition and attribution, not trust...
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
