ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DMARC and ietf.org

2016-08-15 06:44:28
from [Rich Kulawiec] [Permanent Link] 
On Sat, Aug 13, 2016 at 11:10:59AM -0400, John R Levine wrote:

DMARC was fine when it was used to protect high value company domains like
paypal.com.  It became much less fine when AOL and Yahoo started using it to
force the costs of their own security failures on third parties.


Worth noting is that their deployment of DMARC has done *nothing*
to address those security failures and thus *nothing* to stop the
forgeries that were the alleged impetus for the deployment.  In fact,
it's arguably made the impact of those worse because they now arrive
with whatever degree of endorsement DMARC validation provides.

---rsk
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Do we actually want to do anything about DMARC?, Alessandro Vesely
Next by Date:  Re: Do we actually want to do anything about DMARC?, Theodore Ts'o
Previous by Thread:  Re: DMARC and ietf.org, Viktor Dukhovni
Next by Thread:  Re: DMARC and ietf.org, S Moonesamy
Indexes:  [Date] [Thread] [Top] [All Lists]