[Mailman-Developers] Two more DMARC mitigations

Jim Popovitch jimpop at gmail.com
Fri Jun 13 00:22:13 CEST 2014


On Thu, Jun 12, 2014 at 6:02 PM, Stephen J. Turnbull <stephen at xemacs.org> wrote:
>
>  A senior admin at Yahoo! was very clear on damrc at ietf that they want
> their vanilla users covered by "p=reject" because the threat model
> (which is not phishing, it's "recommended by friend" spam) involves user
> mailboxes.

Yeah, I follow that.  BUT... a very senior architect of DMARC
established the DMARC spec for non-user mail and specifically
recommended that user mail be moved to a non-DMARC signed
domain/subdomain.   AND THEN, a (that very same senior admin?) Yahoo!
employee got involved in the DMARC spec and it became the bastardized
DMARC spec.   I relish in pointing this out from time to time, thank
you for the oppty to do it again.  ;-)

-Jim P.


More information about the Mailman-Developers mailing list