On Aug 24, 2014, at 3:07 PM, Larry Finch via dmarc-discuss <[email protected]> wrote:
> On Aug 24, 2014, at 4:05 PM, Matt Simerson via dmarc-discuss > <[email protected]> wrote: > >> On lists you don't manage, there is little you can do besides pester the >> list operator and ask them to make their list DMARC compatible. But: >> >> 1. list operators tend to be change resistant >> 2. there are now patches available for most list software to make them >> DMARC compatible >> 3. For unmaintained MLMs, like ezmlm, turning off options like subject >> prefix and trailers suffices. >> 4. ezmlm-idx does have patches >> 5. Some of the MLM patches don't rewrite the sender *unless* they detect a >> p=reject policy >> 6. see #1 >> >> I'm not going to rehash material from the FAQ but thinking about it from the >> list operators perspective, why should *they* have to change *their* list so >> that your silly little anti-phishing security thingy works? (I don't >> subscribe to that school of thought, but that's frequently the attitude) > > This is a vast oversimplification. Of course it is. > And the argument that it eliminates phishing is just wrong. Yes, and your straw man is wearing no clothes. I stated that phishing abuse for *my* domains has been *reduced* in both volume and duration, and I attributed that change to implementing a p=reject DMARC policy. Before DMARC, I got lots of bounce messages, now I get DMARC reports during phish attempts. > I get just as many phishing emails as I did before AOL and Yahoo instituted > DMARC p=reject. These are *not* mutually exclusive experiences. If you don't validate incoming messages against DMARC, *of course* you're going to see just as much phish as before AOL and Yahoo instituted their DMARC policies. DMARC is only blocks phish *from* domains that publish strong DMARC policies to receivers that validate and enforce those strong policies. Matt _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
