[Mailman-Users] DMARC and Gmail
Barry Warsaw
barry at list.org
Wed Apr 16 22:25:51 CEST 2014
On Apr 17, 2014, at 04:34 AM, Stephen J. Turnbull wrote:
>Sure, but that's the tradeoff that DMARC explicitly makes. DMARC
>thinks that rejecting spam and phishing is sometimes more important
>than delivering legitimate mail, and that the provider of a mailbox is
>the appropriate entity to make that decision.
Of course, it really doesn't help with phishing because with a slight tweak of
the domain (or even a similar enough non-ascii domain), you can still put
phishing links in the body and I'll bet you'll still fool most people who
would be tricked anyway.
>It's not limited to mailing lists, either. Anybody who has a
>forwarding mailbox is at some risk (in a personal .forward this is a
>simple pass-through preserving the DKIM signature so it should be OK,
Yeah that sucks too. I sure hope none of the FLOSS projects I work on never
publish a DMARC reject.
Sigh.
-Barry
More information about the Mailman-Users
mailing list