I can say that after digging into DMARC with numerous marketers that work
with our delivery team, sometimes getting past that barrier of creating a
p=none DMARC policy helps so much in moving to enforcement. I personally
like the push for a required DMARC policy. Yes, a false sense of security
at its initial stage but sometimes that first push helps to make the next
step (enforcement) happen faster.
*Jacob Hansen*
Senior Delivery Consultant | Expert Services
jacob.han...@sendgrid.com
On Thu, Nov 2, 2017 at 6:53 AM, wrote:
> Send mailop mailing list submissions to
> mailop@mailop.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> or, via email, send a message with subject or body 'help' to
> mailop-requ...@mailop.org
>
> You can reach the person managing the list at
> mailop-ow...@mailop.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of mailop digest..."
>
>
> Today's Topics:
>
>1. Re: About the Certified Senders Alliance (Tobias Herkula)
>2. Re: About the Certified Senders Alliance (Alexander Zeh)
>
>
> --
>
> Message: 1
> Date: Thu, 2 Nov 2017 12:53:56 +
> From: Tobias Herkula
> To: David Hofstee
> Cc: "mailop@mailop.org"
> Subject: Re: [mailop] About the Certified Senders Alliance
> Message-ID:
> eurprd02.prod.outlook.com>
>
> Content-Type: text/plain; charset="Windows-1252"
>
> By forcing Domain Alignment you would inevitably sacrifice the ability to
> send marketing mails for a huge amount of mom-and-pop shops. Even destroy
> the business model of a couple of ESPs. I don't argue against it, on my
> platform here, we even go the next step and try to force our customers to
> even hide the used subdomain (5321.From == t.example.com | 5322.From ==
> example.com) signed by example.com and our own domain. But we do this out
> of data protection reasoning, we simply don't want to handle "answers" of
> recipients.
>
> I also think that even if you are a mom-and-pop shop you should get your
> own domain and not using gmail.com or whatever as your primary business
> contact. But we are not there yet and pushing to hard on this change would
> simply engage an even bigger unwillingness to change the status quo.
>
> The CSA requirements are being reevaluated every year and if the ISP
> representatives in the CSA counsel think it's time to tighten the rules it
> will happen. From my personal experience, they lag the ability to do an
> ongoing vetting of their members and it often hurts to see competitors not
> getting punished for obvious violations. But they bring something to the
> table that helps to clean up a lot of communication problems an ESP
> normally faces on the day to day operations.
>
> PS: i will bring the domain alignment issue as topic to the discussion for
> adding that as an requirement for the next iteration of the CSA rules...
>
> Kind regards,
>
> Tobias Herkula
> --
> optivo GmbH
> Product Management (Infrastructure)
>
> From: David Hofstee
> Sent: Thursday, November 2, 2017 13:33
> To: Tobias Herkula
> Cc: mailop@mailop.org
> Subject: Re: [mailop] About the Certified Senders Alliance
>
> Hi Tobias,
>
> > I'm working for an ESP who is member of the CSA and ECO and I'm one of
> the biggest contender on the authentication requirements front, I don't
> think that DMARC is an ESP responsibility, but think that an ESP should
> provide everything necessary so that a Brand can use DMARC.
> So you agree with me? Good.
>
> > By forcing the ESP community of CSA to implement DMARC we would not help
> our customers, we would simply give them a false feeling of having done
> something, that does not solves the underlying problem.
> I did not say DMARC. I said DMARC-type authentication (SPF and DKIM
> aligned to sender domain). I specifically made that distinction because I
> agree that requiring (a) DMARC (policy) is not our job.
>
> That said: As an ESP you are not required to support DKIM and SPF aligned
> to the sender domain according to the CSA. Therefore an ESP could become a
> member and their customers may not be able to follow the advise to
> implement DMARC (as given in the guidelines, paragraph 3.10).
>
> Yours,
>
>
> David
>
> On 2 November 2017 at 13:00, Tobias Herkula mailto:tobias.herk...@optivo.com>> wrote:
> I'm working for an ESP who is member of the CSA and ECO and I'm one of the
> biggest contender on the authentication requirements front, I don't think
> that DMARC is an ESP responsibility, but think that an ESP should provide
> everything necessary so that a Brand can use