On 6/7/2014 3:24 PM, Larry Finch via dmarc-discuss wrote: > > Except, as I and others have discovered in the past few days, DMARC does > NOT make email "so much more secure,” as phishers and spammers have > already found workarounds to continue their assault. So all DMARC has > accomplished is to inconvenience large, distributed communities of > legitimate mail forwarders such as mailing lists with no long term benefit.
I hope there was nothing in my note that seemed to comment on dmarc efficacy, one way or the other. I was trying only to comment on the differences in the nature of open-relay vs. dmarc analysis. The question of dmarc work-arounds raises the basic question of short-term vs. long-term. The paradigm change being imposed is a long-term effect. If, in fact, the benefits are really only short-term, that's an extremely expensive cost for a brief improvement. Arguably, the mechanisms being put in place to make mailing list participation work for authors of p=reject dmarc domains essentially provide a road-map for abusers to follow. That would, indeed, seem to make real dmarc benefits rather short-lived. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
