Terry Zink wrote:
>
> > You could just show the domain in green on the MUA, to show that
> > this email is successfully DMARC authenticated by the domain and the
> > domain has strong DMARC policies (p=reject). I feel it should show
> > the UTF8 version as well as the punycode version….
> >
> > No need of a CA.
>
> If this were done then what is stopping me, as a spammer, from
> registering 1inkedin.com (or something similar to another high
> profile target), and then setting up DKIM and DMARC? If I send a
> malicious email, it would get highlighted the same as a message from
> linkedin.com. That’s not what we want when it comes to highlighting
> messages; we are looking for the senders that we trust, not merely
> the senders that authenticate.

Ideally, green-bar displayed emails (via DKIM and/or DMARC and/or SPF pass) would be vouched against domains present in the recipient's address book. But the problem with that would be that (1) it is highly MUA-dependent, therefore inconsistent if the user changes MUA, and (2) it assumes users keep a well-trimmed address book or an address book at all, which in my experience is wrong for about 80% of users. Also, JavaScript exploits to infect users' address books would become common and annoying.

So the solution to the problem, for now, seems to be a custom-made, secret-sauce added-value offering that ESPs give to their users.

Regards,
J.Gomez

_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
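
The distinction drawn in this thread between a sender that merely authenticates and a sender the recipient already knows can be expressed as a display rule. The following is an added example, not code from the thread or from any MUA: the authserv-id `mx.example.net`, the three indicator names, the exact-match domain comparison and the sample messages are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: authserv-id stamped by the recipient's own border MTA.
TRUSTED_AUTHSERV = "mx.example.net"

def dmarc_pass_domain(msg):
    """Domain from a dmarc=pass result added by TRUSTED_AUTHSERV, else None.
    Authentication-Results from any other authserv-id are ignored, since a
    sender can put arbitrary copies of that header in the message."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        m = re.search(r"\bdmarc=pass\b[^;]*?\bheader\.from=([^\s;]+)",
                      results, re.I)
        if m:
            return m.group(1).lower().rstrip(".")
    return None

def indicator(raw_message, contacts):
    """'green' only if the From domain passed DMARC AND is in the address
    book; 'authenticated-only' if it merely passed; otherwise 'none'."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    authed = dmarc_pass_domain(msg)
    if not authed or authed != from_domain:
        return "none"
    known = {c.rpartition("@")[2].lower() for c in contacts}
    return "green" if authed in known else "authenticated-only"

def sample(from_addr, authserv=TRUSTED_AUTHSERV):
    """Constructed test message; not taken from real traffic."""
    domain = from_addr.rpartition("@")[2]
    return (f"Authentication-Results: {authserv};\n"
            f" dkim=pass header.d={domain};\n"
            f" dmarc=pass (p=REJECT) header.from={domain}\n"
            f"From: Notifications <{from_addr}>\n"
            "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    book = ["alice@linkedin.com"]  # constructed address book
    for sender in ("security@linkedin.com", "security@1inkedin.com"):
        print(sender, "->", indicator(sample(sender), book))
```

Both sample senders pass DMARC with p=reject, but only the domain already present in the address book gets the green indicator; the rule still inherits the MUA and address-book dependence pointed out in the reply.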
