[dmarc-discuss] How Can ESP's Adopt DMARC?
Robert Burko
rburko at eliteemail.com
Wed Feb 1 16:51:20 PST 2012
>> How many of your customers have a domain spoofing problem?
I'm inclined to say very few have a domain spoofing problem.
But, if given the option to safeguard against it by simply adding a
record to DNS, I'm sure many would do that.
At least, I assume the goal of this new standard is really to have as
widespread adoption as possible and not just for a select group of
organizations that currently have spoofing problems.... although I
absolutely recognize that a key objective was solving that problem for
them.
My thinking is this:
The IT guy at COMPANYABC.com sets up the DMARC because it's new,
exciting, and he was just told about all the great benefits (... good
for overall adoption of the DMARC initiative!)
Then their marketing guy goes and signs up for an ESP whether it is
Elite Email, Constant Contact or someone else...
The ESP does everything they are doing now so that the outbound emails
will pass SPF and DKIM checks.
The marketing guy puts together their first newsletter and sends it out.
... now our story takes a turn because of the new protocol...
The From: address on the email is something at COMPANYABC. This causes
the DMARC verification to fail. Now his email doesn't get delivered.
Are there ways around this... sure...
There have been several people who responded with viable ideas.
1. We can tell COMPANYABC.com that they should NOT implement DMARC
(which kind of hurts adoption)
2. We can do some fancy sub-domain, CNAME, forwarding stuff (which
certainly adds some degree of complexity into the mix)
I understand DMARC is not for everyone and I understand that it had a
specific goal it was trying to achieve.
But, when I first heard about this I was excited that we were taking a
big step in the email sphere to really improve upon things and put an
end to phishing/UCE problems at least to some degree.
After sinking my teeth into it and seeing everyone's comments, it
seems we traded one problem for another.
As Mike said in his earlier message (which I do want to say I
absolutely appreciated his level of thought and insight!):
>> While DMARC may not be appropriate for all senders, I think you are going to find quite a large swath of domain owners that will implement fairly quickly
I think we might see a large swath of domain owners adopt this... and
if that happens, we're going to see the problem I described above
happen over and over again... and I think enterprise level senders
will work with their ESP to adopt DMARC, but I think the SMB market
isn't going to like being told that they either cannot implement DMARC
or have to jump through some serious hoops to work with their ESP to
send out the mailings they've been sending for years and years.
Again, I do appreciate everyone's input as I think discussing things
and getting as many viewpoints as possible is truly important.
More information about the dmarc-discuss
mailing list