Larry, > Except, as I and others have discovered in the past few days, DMARC does > NOT make email "so much more secure, as phishers and spammers have > already found workarounds to continue their assault.
It can't by itself, no. It needs to be used together with some means to knock out the look-alike domains. Such as an address-book filter, or a reputation-based filter. But that puts us back into the arguments about the value of anything that relies on user behavior, including the need to patrol a Spam folder for the inevitable false-positives. > So all DMARC has accomplished is to inconvenience large, distributed > communities of legitimate mail forwarders such as mailing lists ... And the email users that rely on them. > ... with no long term benefit. I'm not so pessimistic as to think that there will be no long term benefit. I just can't imagine any way to effectively obtain that benefit without involving the receiving MUA and its users. -- Shal
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
