Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Port25-Admin2]

http://www.dmarc.org/news/press_release_20120130.html

http://www.dmarc.org

[concep]

Thanks for posting this.

Does this mean that "dkim-identity" directive wont work anymore as I think they require the "d=" value to match the from domain.

For ESPs that have more than one client on an IP it could cause some issues?

Cheers

[Port25-Admin2]

Based on the initial draft, supporting either a relaxed or strict option (with relaxed meaning matching subdomains and not unrelated domains), it does appear on the surface that sites using a 3rd party signer via the dkim-identity feature in DKIM cannot use DMARC. 

Perhaps that will change as more are involved in the standard.

[finepublications]

Hi Friend,
   So,sub domains reputation is not dependent on main domain?And What are things this DMARC will affect?

[Port25-Admin2]

From the WWW site;

A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes - such as junk or reject the message. DMARC removes guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.

[finepublications]

So,here after no one cant do fraud things in DKIM and SPF,it's Really great.

[CaLViN]

I do not think it will be used by general,it looks like that is special way of protecting BIG brands.

[daniel]

I've heard more about DMARC recently, and that at least Google is/was honoring it. Does anyone know whether they still are or if other ISPs have joined in?

I understand the comment and reasoning about DMARC only helping big brands find out if there are large sources of phishing email or other unauthorized spoof emails, but I do think DMARC would be helpful for smaller senders who want to lock down their email so that only they send email from their domain and the main ISPs block email if it doesn't really come from them.

One of the interesting things about DMARC though is that you can receive reports of violations from the receiving ISP.
Will DMARC formatted responses be supported by PowerMTA? ie. similarly to the handling of feedback loop emails?
They are in a new Authentication Failure Reporting Format (AFRF) which is a subset of ARF format.
See http://www.dmarc.org/specification.html.

[Port25-Admin2]

It is on the radar and a possibility, just depends on demand.

[AlwindB]

we're implementing the _dmarc record per default with all our (new) customers, gives us more information about where the email goes and if they are suffering from possible Phishing/Spoofing of domains.

We see in the Netherlands that banks are adopting DKIM/SPF and DMARC much faster to prevent/protect customers against phishing.
At this point XS4ALL is reporting, so if you implemented DMARC  According to ING (dutch bank) they lowered the amount of phishing messages. (Dutch article: http://www.ing.nl/nieuws/nieuws_en_persberichten/2012/09/xs4all_en_ing_samen_valse_emails_te_lijf.aspx)

The DMARC reports tell you which IP is sending e-mail and pretending to be domain X, it also validates SPF and DKIM.
If you set the policy records you can advise what the ISP should do if they receive messages that fail the SPF or DKIM check.

The aggregated reports or authentication failed reports are nothing like Feedbackloop messages, so the only use for them is separate interpretation of your email/domain flows.