I tried to understand what IETF is doing about email security, and this working group seems to be the only surviving effort. Based on the index, the groups attention is focused on polishing the existing DMARC implementaton rather than plowing new territory. Given the devastating effect of WannaCry and the success of other email-based attacks, I think our work is far from finished.
DMARC / DKIM / SPF rely entirely on sender participation. Too few legitimate senders are implementing these measures in the manner that was envisioned, and too few , and too many spam filters fail to use these tools fully. DMARC represents a powerful concept which can be applied by the receiver, with adjustments, in ways that liberates the receiver from dependency on legitimate senders becoming fearless. I can articulate how that could be done, but I do not know how to start that discussion appropriately. Doug Foster
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
