On Oct 27, 2014, at 2:16 PM, Brett McDowell <brettmcdow...@gmail.com> wrote:

> I’m not sure what the relevance of this particular debate is, but in hopes of 
> moving us forward, I offer another data point.
> 
> Please remember that you can deploy DMARC and get exactly the desired result 
> from your DMARC deployment, without deploying any DKIM infrastructure.  
> Example: you can push a p=reject on a domain that never sends mail.  You can 
> push any p= value for a domain that is only “protected” by SPF records, even 
> one that is in use, and get exactly the desired result.  DKIM is of course 
> required to achieve the desired result for most mail flows, but DKIM is 
> not in any way required for all successful deployments of DMARC.
> 
> Given that fact, perhaps we can stop debating whether or not DMARC is a DKIM 
> Policy Framework.  But what was the point of that debate in the first place?  
> If we all agreed that DMARC was a DKIM Policy Framework, what outcome would 
> that have brought us closer to?  I suspect there was a purpose for that 
> argument that might still be relevant to our work even though the argument 
> doesn’t seem to be supported, but I’m not seeing it yet.

Dear Brett,

DMARC/SPF hinders third-party services to a greater extent, since DKIM still 
permits messages that lack modification and SPF does not.  A DMARC policy of 
p=reject against user email accounts will not obtain desired results when 
third-party services are utilized.  This problem can be transparently repaired 
through the use of TPA-Label at any scale, or eventually through adoption of an 
excluded but obvious group syntax.  An excluded group syntax would not be as 
secure as TPA-Label, since use of group syntax depends on cautious recipients.  
There are still many cases where email includes malicious active-content acted 
upon by MUAs where users prove themselves easily intrigued, even to the point 
of opening messages in their spam folder (where growing amounts of legitimate 
email are being found largely because of downgraded DMARC policy).

Regards,
Douglas Otis 
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
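
The rule both messages turn on is that DMARC passes when either SPF or DKIM passes for a domain aligned with the From: domain. The sketch below is an added example, not part of the original thread or of any DMARC implementation; the domains and scenarios are constructed, and relaxed alignment is approximated by comparing the last two labels instead of consulting a Public Suffix List.

```python
from dataclasses import dataclass
from typing import Optional


def org_domain(domain: str) -> str:
    # Assumption: last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


@dataclass
class Message:
    from_domain: str             # RFC5322.From domain, the one DMARC protects
    spf_result: str              # "pass", "fail" or "none"
    spf_domain: Optional[str]    # RFC5321.MailFrom domain that SPF checked
    dkim_result: str             # "pass", "fail" or "none"
    dkim_domain: Optional[str]   # d= domain of the DKIM signature, if any


def dmarc_disposition(msg: Message, policy: str) -> str:
    """Return "pass", or the published p= value when nothing aligned passes."""
    def aligned(d: Optional[str]) -> bool:
        return d is not None and org_domain(d) == org_domain(msg.from_domain)

    spf_ok = msg.spf_result == "pass" and aligned(msg.spf_domain)
    dkim_ok = msg.dkim_result == "pass" and aligned(msg.dkim_domain)
    return "pass" if (spf_ok or dkim_ok) else policy


# Constructed scenarios, all evaluated at the final receiver.
SCENARIOS = {
    # SPF-only domain, mail sent directly from an authorized host.
    "spf_only_direct": Message("example.com", "pass", "example.com", "none", None),
    # Same mail relayed by a forwarder whose IP is not in the SPF record.
    "spf_only_forwarded": Message("example.com", "fail", "example.com", "none", None),
    # DKIM-signed mail forwarded without modification: signature still verifies.
    "dkim_forwarded_unmodified": Message("example.com", "fail", "example.com", "pass", "example.com"),
    # Mailing list rewrote the envelope sender and altered the body.
    "dkim_list_modified": Message("example.com", "pass", "list.example.net", "fail", "example.com"),
    # Domain that never sends mail: any message claiming it is unauthenticated.
    "non_sending_domain": Message("example.org", "fail", "example.org", "none", None),
}


def evaluate_all(policy: str = "reject") -> dict:
    return {name: dmarc_disposition(m, policy) for name, m in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(f"{name:28s} {result}")
```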