> You could just show the domain in green on the MUA, to show that
> this email is successfully DMARC authenticated by the domain and the
> domain has strong DMARC policies (p=reject). I feel it should show the
> UTF8 version as well as the puny code version....
>
> No need of a CA.

If this were done then what is stopping me, as a spammer, from registering 1inkedin.com (or something similar to another high profile target), and then setting up DKIM and DMARC? If I send a malicious email, it would get highlighted the same as a message from linkedin.com. That's not what we want when it comes to highlighting messages; we are looking for the senders that we trust, not merely the senders that authenticate.

-- Terry

From: Franck Martin [mailto:fmar...@linkedin.com]
Sent: Thursday, June 5, 2014 5:00 PM
To: Terry Zink
Cc: dmarc-discuss@dmarc.org
Subject: Re: [dmarc-discuss] DMARC thwarted already?

On Jun 5, 2014, at 4:22 PM, Terry Zink via dmarc-discuss <dmarc-discuss@dmarc.org> wrote:

Doesn't this come back to the whitelist idea? For the green bar SSL certs (Extended Validation), the certs have a bunch of information encoded in them, and the browsers have a list of CAs that they trust. AFAIK, the only way to do that for email is through DKIM but you wouldn't highlight all DKIM-signed email, only DKIM-signed email that you trust which is compared against a whitelist.

-- Terry

You could just show the domain in green on the MUA, to show that this email is successfully DMARC authenticated by the domain and the domain has strong DMARC policies (p=reject). I feel it should show the UTF8 version as well as the puny code version....

No need of a CA.

Spammers could use DMARC too, but it is about authentication/attribution not about reputation.

It seems to me the DMARC spec should contain strong advice to MUA. MUA developers do read RFCs, otherwise they would never have done POP/IMAP...

_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
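
The distinction argued over in the message above (DMARC-authenticated versus trusted), sketched as an MUA display decision. This is an added example, not code from the thread or from any DMARC implementation; the authserv-id `mx.example.net`, the trusted-sender list and the sample Authentication-Results headers are all constructed assumptions.

```python
import re

# Assumptions (constructed for this example): the authserv-id our own MTA
# stamps, and a locally curated list of senders the user trusts.
OUR_AUTHSERV_ID = "mx.example.net"
TRUSTED_SENDERS = {"linkedin.com"}

# Constructed Authentication-Results header values (RFC 8601 syntax).
SAMPLES = {
    "real": "mx.example.net; dkim=pass header.d=linkedin.com; "
            "dmarc=pass (p=REJECT) header.from=linkedin.com",
    "lookalike": "mx.example.net; dkim=pass header.d=1inkedin.com; "
                 "dmarc=pass (p=REJECT) header.from=1inkedin.com",
    "forged_header": "mx.elsewhere.example; dmarc=pass header.from=linkedin.com",
    "failed": "mx.example.net; dmarc=fail header.from=linkedin.com",
}

def dmarc_pass_domain(auth_results):
    """Return the header.from domain if our own MTA recorded dmarc=pass."""
    authserv, _, results = auth_results.partition(";")
    if authserv.strip().lower() != OUR_AUTHSERV_ID:
        return None  # not stamped by our server, so the sender could have written it
    m = re.search(r"\bdmarc=pass\b[^;]*?\bheader\.from=([^\s;]+)", results, re.I)
    return m.group(1).lower().rstrip(".") if m else None

def display_forms(domain):
    """Return (UTF-8 form, Punycode form) so the MUA can show both."""
    ascii_form = domain.encode("idna").decode("ascii")
    return ascii_form.encode("ascii").decode("idna"), ascii_form

def highlight(auth_results):
    """'trusted', 'authenticated-only' or 'none' for one message."""
    domain = dmarc_pass_domain(auth_results)
    if domain is None:
        return "none"
    try:
        _, ascii_form = display_forms(domain)
    except UnicodeError:
        return "none"  # malformed domain label: never highlight
    # Authentication alone is not trust: only listed senders get the green mark.
    return "trusted" if ascii_form in TRUSTED_SENDERS else "authenticated-only"

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:14} -> {highlight(header)}")
```

Both the real and the lookalike message pass DMARC with p=reject; only the trusted-sender comparison separates them.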