On Tue, Jul 21, 2020 at 2:08 PM Hector Santos <hsantos=40isdg....@dmarc.ietf.org> wrote: >
> Second, DMARC is imposing a new security protocol based on the premise > the "From" is not expected to be changed. How will the MLM/MLS fit? > > It can: > > 1) Supports the security protocol and the problem is solved. > Exclusive domains made a published policy statement for exclusive > signing. The Exclusive Domains does not expect its users to be using > their domains outside the work place. The policy is honored. My understanding of DMARC's purpose was to protect transactional messages from sources like banks, credit card issuers, online shopping venues, and the like. It supposed that those messages should pass only directly from the source to the end point, and that that was so important to security that transport through any intermediary should be rejected as possible forgery. For example my bank statements come from a different domain than mail from a person at the bank. What blew it away was Yahoo's implementation of DMARC on end user personal mail. It was at first believed by many that Yahoo would have to roll it back when their users could not contribute to mailing lists or send mail to people who had old-school forwarding. Instead the industry started developing ways to get around DMARC by changing RFC 822 From headers and RFC 821 MAIL commands... which pretty much un-did the DMARC concept of authorization. It has been demonstrated that #1 is not happening, and it's because sheer deliverability of legitimate email is the priority. -- Joseph Brennan Lead, Email and Systems Applications _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
