On 11/21/17 3:29 PM, Keith Medcalf wrote:
And checking SPF is pretty useful as well. Once you have enforced strict
compliance, however, the effect of SPF is negligible (less than 1/1000%).
DKIM/DMARC generally causes more trouble than it solves (it was designed by a
committee of idiots after all) and should be mostly ignored other than for
displaying a DKIM Signature Status in the mail reader interface.
Most of the problem is the horribly broken e-mail clients, none of which
display useful information. For those old enough to remember postal mail, it
is like having a secretary that throws out the envelope and trims off most of
the inside and signature information before giving you your mail.
---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a
lot about anticipated traffic volume.
DMARC is actually works very well for its originally intended usage, the
preventing of spoofs of important emails (like from banks). The key
point is any domain that uses DMARC must not also be used with a 3rd
party remailing system, like mailing-lists, The problem everyones has
with DMARC is that the yahoos at Yahoo adopted it as a solution for
their security breaches, and rather than tell their users that they have
takens this action and they can not use mailing list or other remailing
services, they told the world, yes, we broke email, we are big enough it
is your job to fix the mess we created.
There is a fundamental problem with the email system that it goes back
to a kinder and gentler time, and it is trivial to spoof most mail.
SPF/DKIM/DMARC are part of the attempt to fix this, and I think the
developers of those understand they have just started. The issue is that
some others have taken these beginnings and deployed it outside the
intended sphere where there are issues still to be resolved.
--
Richard Damon
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
