On Fri, 16 May 2014, Matthew Barr wrote:

On Fri, 16 May 2014, Edward Ned Harvey (lopser) wrote:
Have you looked into who's behind creating DMARC?  AOL, Google,
Microsoft, Yahoo, Facebook, Comcast, and others.


Something to consider is that it was *also* created by Paypal & banks, which are frequently spoofed/phished. Not to mention Linkedin & Facebook...

This is an effort to help reduce spoofing, and incorporates DKIM & SPF into a policy spec.

What it means is that a site can say people reject any mail that doesn’t match our specs, but it also allows for reporting of just how much spoofing is happening.

- One element of the policy is to send reports of errors back to the domain owner, which can be invaluable in seeing what others are doing in your name.

Think about it this way: If you’re on gmail or another site that honors DMARC records, it’s pretty much eliminated spoofing & Phishing emails from paypal & banks.

If you have a domain that is only used for direct e-mail (which bank and paypal official e-mails can easily be), then this sort of thing makes sense.

But if you have people use e-mails in these same domains, then it falls apart, because those people will want to use their e-mail for things that aren't compatible (such as mailing lists).

It's also one thing to implement a policy of what your users can do with their e-mail when they are your employees using your company e-mail (but don't forget the need of your techies to be on support mailing lists), and something completely different to do this for other users, especially if some of those users pay.

As for Yahoo or AOL: It could be considered a method to push users to use the web interfaces more, or just send through the company's servers. Most do already, to be honest.

It doesn't matter if the users use the web interface or not, any e-mail going to mailing lists not hosted by Yahoo breaks.

David Lang
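
Added example, not part of the original thread: a simplified DMARC check showing why a p=reject policy stops a spoofed message but also rejects the same sender's mail once a mailing list has re-sent it. The domains, the record, the sample messages and the two-label organizational-domain shortcut are constructed assumptions; the list is assumed to use its own envelope sender and to modify the message so the original DKIM signature no longer verifies.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy record for the placeholder domain example.com.
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain: str) -> str:
    # Simplification: last two labels. Real evaluators use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

@dataclass
class Message:
    header_from: str            # domain in the From: header
    spf_domain: str             # envelope sender domain checked by SPF
    spf_pass: bool
    dkim_domain: Optional[str]  # d= of the DKIM signature, if any
    dkim_pass: bool

def disposition(msg: Message, record: str) -> str:
    """Return 'pass' or the policy the From: domain requested (relaxed alignment)."""
    policy = parse_dmarc(record)
    want = org_domain(msg.header_from)
    spf_ok = msg.spf_pass and org_domain(msg.spf_domain) == want
    dkim_ok = (msg.dkim_pass and msg.dkim_domain is not None
               and org_domain(msg.dkim_domain) == want)
    return "pass" if (spf_ok or dkim_ok) else policy.get("p", "none")

# Constructed messages, all claiming From: example.com.
DIRECT = Message("example.com", "example.com", True, "example.com", True)
# Assumption: the list re-sends with its own envelope sender and adds a footer,
# so SPF passes only for the list's domain and the original signature breaks.
VIA_LIST = Message("example.com", "lists.example.org", True, "example.com", False)
SPOOFED = Message("example.com", "mail.example.net", True, None, False)

if __name__ == "__main__":
    for name, m in [("direct", DIRECT), ("via list", VIA_LIST), ("spoofed", SPOOFED)]:
        print(f"{name:9} -> {disposition(m, RECORD)}")
```

With the same record set to p=none, the list copy would be delivered and only show up in the reports sent to the rua address.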