[dmarc-discuss] DMARC limitations
Paul Midgen
pmidge at microsoft.com
Mon Mar 5 19:04:00 PST 2012
I wouldn’t be so quick to say that – generic spam reporting FBLs and receiver-specific programs are common. It’s just very difficult to say go build yet another one without first having demonstrated the reporting being suitably orthogonal or, as you point out, coming with a giant carrot for the receiver.
The point is that DMARC allows the legitimate owner of a domain to declare their policy, it does other interesting things but that’s essentially it.
From: dmarc-discuss-bounces at blackops.org [mailto:dmarc-discuss-bounces at blackops.org] On Behalf Of Adrian
Sent: Monday, March 05, 2012 6:32 PM
To: Mitchell Webb; dmarc-discuss at dmarc.org
Subject: Re: [dmarc-discuss] DMARC limitations
If I were a receiver I probably wouldn't be too interested in providing senders with feedback and getting nothing in return. If these parameters were not implemented in DMARC and receivers define the policies themselves, then there is no point in this entire thing, surely?
________________________________
On 6 Mar 2012 02:02, Mitchell Webb <dmarcmarcd at yahoo.com<mailto:dmarcmarcd at yahoo.com>> wrote:
The incentive for receivers would be they could justifiably tighten their receiving criteria (protecting the users) while having provided senders with information about legitimate / forged emails and their subsequent processing. This could further be expanded to include black/whitelists, content filtering etc...
________________________________
From: Adrian <adrian at hardy.bz<mailto:adrian at hardy.bz>>
To: Mitchell Webb <dmarcmarcd at yahoo.com<mailto:dmarcmarcd at yahoo.com>>
Cc: "dmarc-discuss at dmarc.org<mailto:dmarc-discuss at dmarc.org>" <dmarc-discuss at dmarc.org<mailto:dmarc-discuss at dmarc.org>>
Sent: Monday, March 5, 2012 8:47 PM
Subject: Re: [dmarc-discuss] DMARC limitations
Where is the incentive for receivers to implement DMARC if it is just to provide feedback to senders?
On Tue, Mar 6, 2012 at 1:20 AM, Mitchell Webb <dmarcmarcd at yahoo.com<mailto:dmarcmarcd at yahoo.com>> wrote:
Do the following DMARC parameters "overstep" the bounds that should be allowed of a sending domain?
pct Sampling rate
p Requested handling policy
sp Requested handling policy for subdomains
As they are requests would it not be better for the policy configuration responsibility to rest solely on the receiving mail server? This would essentially relegate DMARC to a reporting system only.
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss at dmarc.org<mailto:dmarc-discuss at dmarc.org>
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://medusa.blackops.org/pipermail/dmarc-discuss/attachments/20120306/697bb73f/attachment.htm>
More information about the dmarc-discuss
mailing list