On Thursday, June 05, 2014 7:37 PM [GMT+1=CET], Les Barstow via dmarc-discuss wrote:
> I missed a few buy-in requirements for a full fix: updating a > significant portion of the MUA user base, and updating installed > mailing list and MTA software. (I.e buy-in from the Internet e-mail > admin and user community.) > > -----Original Message----- > From: Les Barstow > Sent: Thursday, June 05, 2014 11:34 AM > To: dmarc-discuss@dmarc.org > Subject: RE: [dmarc-discuss] DMARC thwarted already? > > Straightening it out "the right way" probably involves some > combination of revisiting the definitions of the various From/Sender > fields, compliance to those definitions within the DMARC spec, some > kind of resender resign mechanism, and buy-in from MUA, mailing list, > and MTA software providers. I, for one, am not buying-in into it. What you are proposing already exists, essentially it is called X.400 Message Handling System. It was tried, and ultimately did not stick. Going back on topic, though: phishing through the description in the Header-From is not what DMARC protects against, the spec says so explicitly. Regards, J.Gomez _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)