is
> all about local policy. A receiver has the option, based on Local Policy and
> the implementation software to offer:
>
> (o) Reject with 55x before DATA state
Given that the 5322.from is crucial for DMARC, and the 5322.from is transmitted
after DATA, how can you evaluate DMARC b
to screw up their delivery.
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
___
dmarc mailing l
g the verified identity out to bits of the email that the end user
(sometimes) sees.
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
__
rs are part
of the body of the message.
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
_
the Reply-To: to the original author which
means some kinds of filtering can trigger off that. Other mailing lists point
Reply-To: to the list address, which breaks the second. Both things are
important to mailing list usability.
laura
--
Having an Email Crisis? We can help! 800 823
> On 21 Jul 2020, at 00:20, Brandon Long
> wrote:
>
>
>
> On Mon, Jul 20, 2020 at 2:00 AM Laura Atkins <mailto:la...@wordtothewise.com>> wrote:
>
>> On 19 Jul 2020, at 19:08, Murray S. Kucherawy > <mailto:superu...@gmail.com>> wrote:
>
> On 21 Jul 2020, at 02:18, Murray S. Kucherawy wrote:
>
> On Mon, Jul 20, 2020 at 1:59 AM Laura Atkins <mailto:la...@wordtothewise.com>> wrote:
> There was a research project done by an inbox provider and a major supporter
> of DMARC presented at a MAAWG meeting a f
marketing I’ve seen
about DMARC is all about user experience and the user being able to trust mail
is “from who it claims to be from.” And now people are explicitly layering on
another protocol that is all about what the user sees in the MUA.
laura
--
Having an Email Crisis? We can help! 800 8
out why.
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
> On 28 Jul 2020, at 16:14, Alessandro Vesely wrote:
>
> On Tue 28/Jul/2020 11:07:19 +0200 Laura Atkins wrote:
>>> On 28 Jul 2020, at 08:36, Alessandro Vesely >> On Tue 28/Jul/2020 08:54:02 +0200 Autumn Tyr-Salvia wrote:
>
>>>> # The resulting messag
dressed more comprehensively you’ll see a much
bigger adoption for DMARC, particularly among larger companies.
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
> On 29 Jul 2020, at 13:46, Todd Herr
> wrote:
>
>
>
> On Wed, Jul 29, 2020 at 6:55 AM Laura Atkins <mailto:la...@wordtothewise.com>> wrote:
>
> I’m not sure why deliverability people are even mentioned here. The problems
> with DMARC primarily affect
articipating in any mailing list.
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
___
dmarc mai
> On 14 Aug 2020, at 17:18, Dotzero wrote:
>
>
>
> On Fri, Aug 14, 2020 at 10:46 AM Laura Atkins <mailto:la...@wordtothewise.com>> wrote:
>
>
>> On 14 Aug 2020, at 09:27, Dotzero > <mailto:dotz...@gmail.com>> wrote:
>>
>> No
re’s a difference between accepting it and working around the damage it
causes to let users continue to use mailing lists. Consumer mailbox providers
deciding their users couldn’t participate in mailing lists was and is a
problem. Companies preventing their employees from participating in work
re
where From: rewriting can cease.
>
> 16 years have passed since the FTC event, which is 1/3 of those 45. What I
> see looks much like a very mild shift. Lazy operators have plenty of time
> before the semantic change is established, at some point in the medium-term
> future, if ever.
>
> Best
> Ale
> --
>
> [*] For MLMs to resume traditional address usage, the most promising I-D's is
> dkim-transform, IMHO.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ___
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
> On 17 Aug 2020, at 12:25, Alessandro Vesely wrote:
>
> On Mon 17/Aug/2020 11:46:55 +0200 Laura Atkins wrote:
>>
>> The forum page is off the FTC website, but the document links are
>> still accessible:
>
>
> A copy is here:
> https://web.archive.org
not sure I’d agree. I saw the workshop as mostly a political
(and educating the politicians) exercise. The effort and innovation were
already there and being done by a lot of people who weren’t there. I’m kinda
bemused by the importance folks have assigned to it in relation to the vast
> On 19 Aug 2020, at 00:21, Brandon Long
> wrote:
>
>
>
> On Mon, Aug 17, 2020 at 5:22 AM Laura Atkins <mailto:la...@wordtothewise.com>> wrote:
>
>
>> On 17 Aug 2020, at 12:25, Alessandro Vesely > <mailto:ves...@tana.it>> wrote:
>>
ecords and deciding there just isn’t enough
benefit to justify the expense. BIMI is an attempt to bring more benefit to the
table, but I’m not sure even that is enough to justify the overall expense to a
lot of corporations.
laura
--
Having an Email Crisis? We can help! 800 823-967
and validates and seals ARC?
The service provider / outgoing MTA (think SendGrid or other bulk MTAs)
- partially participating: allows domain owner to verify using DKIM or SPF
- fully participating: allows domain owner to verify using both DKIM and SPF
laura
--
Having
re we can all scrape our own mail logs for evidence either way.
This might be a place where one (or more) of the big ESPs can help. They’re
going to have billions of email addresses and know which ones have MXs. I’m
happy to ask for that data if it would be of use.
laura
--
Having an
n the deployment process.
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
___
dmarc mailing l
> On 3 Dec 2020, at 06:03, Jim Fenton wrote:
>
> On 2 Dec 2020, at 1:47, Laura Atkins wrote:
>
>> p=quarantine is quite useful, particularly for those folks who are trying to
>> get to a p=reject state.
>>
>> In practice, senders who publish p=none
rom this organization.
p=reject: all mail sent from this domain should be aligned in a DMARC compliant
way. Mail that is unaligned is not authorized by the domain owner and may be
discarded or rejected by the recipient.
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atk
ss.org>
>
> ___
> dmarc mailing list
> dmarc@ietf.org <mailto:dmarc@ietf.org>
> https://www.ietf.org/mailman/listinfo/dmarc
> <https://www.ietf.org/mailman/listinfo/dmarc>
> ___
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
are to
presume that every domain owner knows exactly what they are doing and that
every company understands the implications of a p=reject policy statement.
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
ly spoofed"
> or "uncertain". What is the algorithm for doing so?
>
> DF
>
>
> On Mon, Dec 14, 2020 at 5:05 AM Laura Atkins <mailto:la...@wordtothewise.com>> wrote:
>
>
>> On 13 Dec 2020, at 21:44, Douglas Foster
>> > <mailt
l flow.
>>
> In the mean time, it would be nice for MUA's to be able to do their part with
> annotating mail. DMARC=fail is really unhelpful with p=none.
>
But, the mail fails DMARC because the domains don’t align.
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
c-boun...@ietf.org
<mailto:smtp.mailfrom=dmarc-boun...@ietf.org>;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mrochek.com
<http://mrochek.com/>
The policy statement is right there: p=NONE.
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word t
#x27;t have a lot of computer expertise nor a
>> lot of need for it.
>
> But these Girl Scout troops are going to publish a DMARC policy despite their
> lack of expertise?
Many Girl Scout troops were affected when Yahoo published p=reject. Which is
probably why
ct, phishers currently do send DMARC verified email where the domain in
the 5322.from is unrelated to the links in the message or to the domain being
phished.
This seems to me to be a step along the path of making DMARC irrelevant by
teaching recipients that mail with a 5322.from address they don’t rec
nd of enduser. He’s getting a trust
indicator in email (DMARC fails) and doesn’t understand what that indicator
means or implies. When I shared the relevant piece of the DMARC spec causing
the DMARC failure he told me that was ‘all gobbledygook’ and that alignment
wasn’t even part of
at messages aren’t blocked.
> Forwarding hides information that the email filter needs to make a correct
> decision. Header rewrite hides the problem, but does not solve it. When
> we get the automation right, predicting user behavior will not be necessary.
You’re going to need
> On 6 Jan 2021, at 15:14, Michael Thomas wrote:
>
>
> On 1/6/21 4:52 AM, Laura Atkins wrote:
>>
>> Most users may know who constantcontact are or mailchimp because they
>> advertise widely. Some might have heard of GoDaddy but do you know what the
>> c
wild in the past few weeks. It was in
the process of investigating a client’s customer due to suspected spam. The
+all was yet more confirmation that the customer was a spammer (as if the
swedish hashbusting text and CAN SPAM violations weren’t enough).
laura
--
Having an Email Crisis? We ca
essary and relevant? Does that process protect people? Does
it faciliate online threats, harassment and stalking? Will someone who is
trying to hide their location due to a credible threat be harmed by this
protocol decision?
laura
--
Having an Email Crisis? We can help! 800 823-9674
nique recipient addresses, the DKIM
> selector should be replaced with * or Null.
>
> I do not have a strong opinion about N, but am thinking 10.
>
> Doug Foster
>
>
>
> On Mon, May 3, 2021 at 4:49 AM Laura Atkins <mailto:la...@wordtothewise.com>> wrote:
>
ses should not be added to any DMARC
reporting.
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
ith longer forwarding chains.
Without envelope_to, reconstructing the mail flow requires guessing and
manual work.
The current system does not allow for reconstruction of the forwarding pathway.
Additionally, there are privacy concerns with reconstruction of the forwarding
pathway, among othe
gt; dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
_
> On 21 Jul 2021, at 18:19, John Levine wrote:
>
> It appears that Laura Atkins said:
>> -=-=-=-=-=-
>>
>> This is going to cause difficulties in deployment for a lot of companies and
>> domains. Experience tells us that p=quarantine pct=0 detects forwarder
> On 21 Jul 2021, at 18:24, Dave Crocker wrote:
>
> On 7/21/2021 1:28 AM, Laura Atkins wrote:
>> This is going to cause difficulties in deployment for a lot of companies and
>> domains. Experience tells us that p=quarantine pct=0 detects forwarders and
>> other ty
ssages from some people in
some clients because you can’t search on from: address any longer.
These are usability and UX problems induced by DMARC.
laura
--
Having an Email Crisis? 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery
> On 7 Oct 2021, at 10:37, Alessandro Vesely wrote:
>
> On Thu 07/Oct/2021 09:48:12 +0200 Laura Atkins wrote:
>>> On 7 Oct 2021, at 01:08, Scott Kitterman wrote:
>>> On October 6, 2021 11:37:26 PM UTC, John Levine wrote:
>>>> It appears that Alessandro
>> I think Scott is right that we all agree that rewriting From
>>> mitigates
>>> >> >> problems that mailing lists have with DMARC, but at a significant
>>> cost
>>> >> >> in usability.
>>> >> >>
>>> >> &
- an "in alignment" result, as "com" should be identified as a PSD
How is a valid DKIM signature of d=com going to happen?
laura
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog
we really need to go into it. This isn’t being
implemented by every organization hosting their own mail, it’s being
implemented by a few thousand people across dozens of independent projects.
laura
--
The Delivery Experts
Laura Atki
ht choose to reject mail outright if there is no DMARC policy
> published (a.k.a., "No auth, no entry") but it makes no sense to do DMARC
> validation when there is no DMARC policy record published.
>
> If one chooses to do validation in such circumstances, what p= value wo
>
> Best
> Ale
> --
>
>
>
>
>
> ___
> dmarc mailing list
> dmarc@ietf.org <mailto:dmarc@ietf.org>
> https://www.ietf.org/mailman/listinfo/dmarc
> <https://www.ietf.org/mailma
I'm happy to contribute
laura
--
Laura Atkins
Word to the Wise"The Deliverability Experts!"
Direct: 650 678-3454Fax: 650 249-1909
@wise_laura
Delivery blog: <http://blog.wordtothewise.com/>
_
identity by applying
the check_host() function (Section 4) to the "HELO" identity as the
. Checking "HELO" promotes consistency of results and can
reduce DNS resource usage."
laura
--
Laura Atkins
Word to the Wise"The Deliverabil
question has also changed hands
and mail handling is being transferred to another backend.
But they were rather open about it for a while. Part of it was requiring
senders to pre-register selectors.
laura
--
Having an Email Crisis? 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtoth
ng new would be widely deployed.
And there are way bigger issues with SPF that everyone is avoiding. Bring up
one leetle bit and all of a sudden we’re looking at a full rewrite of the spec.
That is just not going to happen.
laura
--
Having an Email Crisis? We can help! 800 823-96
one that’s not currently being used
for something else. Or one that’s rarely used. Continuing to muddy the tar pit
doesn’t help anyone.
IOW, +1 to John’s “invent a new one”
laura
--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtot
> In any event, the point of IETF standards is to tell people how to
> interoperate. It is not our job to try to save people from themselves. If
> someone doesn't want to use DMARC, that's up to them, not to us or to you.
I don’t think it’s a good idea to obligate organizations to
e how to
>> interoperate. It is not our job to try to save people from themselves. If
>> someone doesn't want to use DMARC, that's up to them, not to us or to you.
>
> I don’t think it’s a good idea to obligate organizations to send reports if
> they
licy - I have seen DMARC Fail/Fail, policy p=reject,
disposition inbox in some reports. Nor can we assume that organizations that
are not sending reports are not evaluating / enforcing policy.
laura
--
The Delivery Experts
Laura Atkins
Word to t
ag. It creates an undefined, possibly infinite, period of migration
>> during which operators can opt out. If we're going to do this, we should
>> discuss including some kind of firm sunset period for the PSL. But now
>> we're walking in the direction of having a flag day,
blish explicit subdomain-specific DMARC policies to prevent
>> inheritance from a higher level, or the organizational domain (which may not
>> be ready for a stricter policy), during implementation. This is a very
>> common configuration.
>> On 2/28/2023 6:07 AM, Laura Atkins
> On 1 Mar 2023, at 09:07, Alessandro Vesely wrote:
>
> Thanks to you and Mark!
>
>
> On Tue 28/Feb/2023 19:00:22 +0100 Laura Atkins wrote:
>>> On 28 Feb 2023, at 17:51, Alessandro Vesely wrote:
>>> What changes when there is a zone cut (delegation) ra
experience:
It makes it difficult to implement filters based on poster address.
It makes it difficult to search for posts by certain authors.
It makes it difficult to respond to someone privately or to reach out to them
for non-list related reasons.
It can even make it difficult to id
lems that I can
> solve myself.
I don’t understand how header rewriting ensures the authenticity of a poster.
Given the data is being modified by the MLM, it seems to me that rewriting
compounds the problem.
laura
>
> Doug Foster
>
>
>
>
>
>
>
>
>
>
> On 14 Apr 2023, at 18:38, Alessandro Vesely wrote:
>
> On Wed 12/Apr/2023 13:41:16 +0200 Laura Atkins wrote:
>>> On 12 Apr 2023, at 12:21, Douglas Foster
>>> wrote:
>>> Any form of security creates inconvenience.
>> Yes. And we make tradeoffs b
On Apr 14, 2023, at 8:37 PM, Dotzero wrote:On Fri, Apr 14, 2023 at 2:00 PM Laura Atkins <la...@wordtothewise.com> wrote:On 14 Apr 2023, at 18:38, Alessandro Vesely <ves...@tana.it> wrote:On Wed 12/Apr/2023 13:41:16 +0200 Laura Atkins wrote:On 12 Apr 2023, at 12:21, Do
On Apr 15, 2023, at 4:25 AM, Scott Kitterman wrote:
>
> On Friday, April 14, 2023 10:31:33 PM EDT Jesse Thompson wrote:
>>> On Fri, Apr 14, 2023, at 7:17 PM, Murray S. Kucherawy wrote:
>>> The Sender's users being denied the ability to participate in a list due
>>> to its policies seems to me li
random domain. I keep ending up this isn’t an interoperability issue, it’s just
an end run around DMARC and it’s not the IETF’s place to comment on that.
But I thought I’d bring the discussion up here to see if other folks had
different opinions.
laura
--
The Delivery Experts
Laura Atkins
> On 17 Apr 2023, at 14:01, Dotzero wrote:
>
>
>
> On Mon, Apr 17, 2023 at 4:30 AM Laura Atkins <mailto:la...@wordtothewise.com>> wrote:
>> Reading through the various discussions about how to document the harm DMARC
>> causes for general purpose domain
> On 17 Apr 2023, at 14:15, Scott Kitterman wrote:
>
> On Monday, April 17, 2023 4:29:45 AM EDT Laura Atkins wrote:
>> Reading through the various discussions about how to document the harm DMARC
>> causes for general purpose domains, I started thinking.One way that a
> On 19 Apr 2023, at 14:20, John Levine wrote:
>
> It appears that Jesse Thompson said:
>> -=-=-=-=-=-
>>
>> On Mon, Apr 17, 2023, at 8:37 AM, Laura Atkins wrote:
>>> Should the IETF make the interoperability recommendation that SaaS
>>> p
iVzMouQ1sY/
> _______
> dmarc mailing list
> dmarc@ietf.org <mailto:dmarc@ietf.org>
> https://www.ietf.org/mailman/listinfo/dmarc
--
The Delivery Expert
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Delivery hints and commentary: http://wordtothewise.com/blog
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
3 DMARC reports for that sender / IP combo.
So that’s one bit of evidence that even if the message is not accepted, DMARC
reports are sent.
laura
--
The Delivery Expert
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Delivery hints and comme
ing. These kinds of indirect
corporate mail flows seem to be an increasing problem - I saw another report
of the same issue. I’m interested in hearing what the practical and
implementable solutions are here. I brought it up on one forum and the only
suggestion I got was to “add th
e risk of PII exposure, those few providers that still do
> send failure reports heavily redact them, which in my view makes them all but
> useless for either purpose for which they were originally designed. They
> cannot be used for proper troubleshooting of failed authentication of
itigates the risk of PII leakage to third parties if the domain generating
>> the report is redacting visible PII.
>>
>> Michael Hammer
>
>
>
> --
> Matt Ratliff
> Founder, FunnelTechie
> www.funneltechie.com
> <https://www.funneltechie.com/>
including this one, decided to rewrite the from address rather than
reject users behind a p=reject.
laura
--
The Delivery Expert
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Delivery hints and commentary: http://wordtothewise.com/blog
___
> On 6 Mar 2025, at 16:39, Alessandro Vesely wrote:
>
> On 06/03/2025 14:44, Laura Atkins wrote:
>>> On 6 Mar 2025, at 12:45, Seth Blank
>>> wrote:
>>> On 05/03/2025 03:34, Douglas Foster wrote:
>>>> But it is an IETF problem because IETF is a
77 matches
Mail list logo
