On Jun 7, 2014, at 10:42 PM, Larry Finch via dmarc-discuss <[email protected]> wrote:
> > On Jun 7, 2014, at 4:14 PM, Shal Farley <[email protected]> wrote: > >> Larry, >> >>> Except, as I and others have discovered in the past few days, DMARC does >>> NOT make email "so much more secure,” as phishers and spammers have >>> already found workarounds to continue their assault. >> >> It can't by itself, no. It needs to be used together with some means to >> knock out the look-alike domains. Such as an address-book filter, or a >> reputation-based filter. But that puts us back into the arguments about the >> value of anything that relies on user behavior, including the need to patrol >> a Spam folder for the inevitable false-positives. >> >>> So all DMARC has accomplished is to inconvenience large, distributed >>> communities of legitimate mail forwarders such as mailing lists ... >> >> And the email users that rely on them. >> >>> ... with no long term benefit. >> >> I'm not so pessimistic as to think that there will be no long term benefit. >> I just can't imagine any way to effectively obtain that benefit without >> involving the receiving MUA and its users. >> > > I agree with that. But I’ve been around this for almost 20 years, and there > have been many schemes to stop spam and phishing, from blocking open relays, > SPF, DKIM, hundreds of RBLs and DBLs, and now DMARC. But no matter what > defense gets erected the miscreants find ways around it. And each one takes a > toll on legitimate users. This is essentially an arms race, and the bad guys > are winning. What is really needed is more savvy end users. It has been > jokingly suggested that perhaps you should need a user’s license and have to > pass tests before being allowed to use the Internet. Obviously not practical, > but anything else is unlikely to work. > May be postmasters should have a license, which would require them to set up SPF, DKIM, DMARC, rDNS, and other things correctly… wait….
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
