On Apr 17, 2014, at 04:34 AM, Stephen J. Turnbull wrote: >Sure, but that's the tradeoff that DMARC explicitly makes. DMARC >thinks that rejecting spam and phishing is sometimes more important >than delivering legitimate mail, and that the provider of a mailbox is >the appropriate entity to make that decision.
Of course, it really doesn't help with phishing because with a slight tweak of the domain (or even a similar enough non-ascii domain), you can still put phishing links in the body and I'll bet you'll still fool most people who would be tricked anyway. >It's not limited to mailing lists, either. Anybody who has a >forwarding mailbox is at some risk (in a personal .forward this is a >simple pass-through preserving the DKIM signature so it should be OK, Yeah that sucks too. I sure hope none of the FLOSS projects I work on never publish a DMARC reject. Sigh. -Barry ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org