On 10/18/2017 11:14 AM, Grant Taylor via Mailman-Users wrote: > > I think it will be interesting to see what happens as more and more > domains adopt DMARC, including those that use p=reject. Especially with > some of governmental institutions purportedly being mandated to use > DMARC. - IMHO, DMARC is going to eventually become the new norm.
DMARC is not the problem. It is perfectly reasonable for say, irs.gov to publish DMARC p=reject as long as mail From: irs.gov is not an employees personal post to an email list. Presumably the IRS would have rules against that. The problem is when general ESPs that provide addresses in their domain for anyone to use for any personal purpose publish DMARC p=reject. > I also wonder what ARC is going to do to this paradigm. ARC has the potential to help. When say a yahoo.com user posts to a list on my server and the list sends the post to a hotmail.com user, ARC allows me to certify that Yahoo's DKIM signature was valid when I received the mail, then I broke the sig but resigned the mail with my domain's sig and sent it on to Hotmail. Now there is a chain by which Hotmail can verify my sig and the fact that I certify Yahoo's sig. The crux however is Hotmail has to trust me. Now if I'm GoogleGroups, Hotmail will probably trust me but if I'm mail.python.org there might be a mechanism by which I can ask Hotmail and every other ISP to trust me, but is that going to work in practice. I think that remains to be seen. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
