As an implementer of DMARC in a large institution and also on my personal domain, I don't believe there are limitations in the deployment of the protocol solely at the large scale, as long as individuals doing so understand what potential ramifications it might have. As admittedly a stretch analog, S/MIME could be viewed similarly since it "breaks" email in MUAs that don't support it.
On the institutional side, it's been extremely successful in mitigating the risks stemming from email attacks (e.g. phishing) for traffic destined to mailboxes supporting the protocol. On the personal side, even though my volumes are but a trickle, it's been effective in ensuring the integrity of my domain from spammers, etc. from MTAs as far flung as Sudan, Vietnam, Argentina, India and many other locations around the globe. So I would have to say out of personal experience that it's not solely for the "wealthy and mighty" as you put it.

My point being that even individuals care to protect their message for those who might otherwise be tricked into some malicious activity because of the trust placed on the source address (and the individual behind it). While DMARC may have had a focus on transactional messaging, its use shouldn't be precluded from other situations.

-----Original Message-----
From: dmarc [mailto:[email protected]] On Behalf Of Vlatko Salaj
Sent: Friday, June 06, 2014 2:47 PM
To: Stephen J. Turnbull
Cc: [email protected]
Subject: Re: [dmarc-ietf] confusing 3rd party support so it remains out

On Friday, June 6, 2014 7:33 PM, Stephen J. Turnbull <[email protected]> wrote:

> DMARC is designed for business entities big enough to be willing
> to maintain MTAs to do the signing for them, or pay for somebody
> trustworthy to maintain such an MTA for them. You aren't willing,
> so your use case is different.

be free 2 enlighten me with a link to DMARC draft section saying exactly that, cause i can't find it. also, u r here directly contradicting bunch of other DMARC developers who stated exactly the opposite numerous times. ASAIK internet standards r standards for all, not wealthy and mighty. maybe i'm living in a dream world.

> I'm not sure what you mean by 3rd party support in SPF and DKIM.

SPF: u can put 3rd party servers in ur domain's SPF records that send email on ur behalf.
DKIM: TPA, and other proposed standards similar to it. search for it.

> Can you put a third party mailbox in From: with SPF? Sure. *And nobody
> trusts it, and nobody should.*

if u r so nice to make an example for this, cause i sure can't figure out how would anything like this work.

> Anybody with an account at Yahoo! can put your mailbox at your domain
> in From:, and it will pass SPF authentication as Yahoo!. Ditto DKIM.

no they can't. only owners of a domain address can do such a thing, since every 3rd party domain email address gets validated 1st. so, ur point, invalid. be free to try ur example urself.

> Yahoo!'s use of "p=reject" causes you pain? Tell Yahoo! about it.
> Or switch to GMail.

i don't rly care about yahoo's "p=reject". it just shows how DMARC is broken as it is, but it doesn't affect me much. nor do i care to use gmail, or trust it.

>> actually, AFAICS, we have three complete solutions for 3rd party
>> support
> What are they? AFAICS, there are none, but I'm willing to be
> educated.

i'm not a search engine. but it seems u r not following this mailing list.

> A shame, but "there ain't no such thing as a free lunch."

sure there is. it even has a name - FOSS. it's also called open standards. it's also called free books. and let's not forget all those free kitchen for homeless. why am i even commenting on this...?

--
Vlatko Salaj aka goodone
http://goodone.tk

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
