Re: [dmarc-ietf] Email security beyond DMARC?

DAMY gustavo <> Thu, 21 March 2019 13:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B7AD512795E for <>; Thu, 21 Mar 2019 06:01:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Smdal09nRpF0 for <>; Thu, 21 Mar 2019 06:01:01 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9BE3012423B for <>; Thu, 21 Mar 2019 06:01:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=default; t=1553173257; x=1584709257; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=f4SMIhuJkth27pQSgrvU4vUzNGBkUe05PWXd5x6NmO8=; b=XYOwIQsBbLDRmZf4BOCM8cCe4Ws955HII1hR960iqQLqxBvczarNeryw cPjSsW+Oqg/9fsyjYZuXl1qzrvMo2exKdqFhCKgs4Z+IDoD8ozZYRq6tz dfreQSh7Xxe6brfftlxy368kZw0xxpP/DJnGk/8g+R2/QSc70hjg8tqhF 0ZkMmQMgGvFApu/1RcgobtOQQ1PcOinQJwESkflEcCtQDGBgYTtV4I6T8 T7gW3q99OU4pvhn48SHHYRzwfuiEHDcRxW1u0sDYilawBORM7VvCAKSyk siLmJXxz1fGhYiNknbR7bT5ub2EPJOSmVquXTvSN1BkJSUk45hPkqLgK8 w==;
Authentication-Results:; spf=Pass; spf=None
Received-SPF: Pass ( domain of designates as permitted sender) identity=mailfrom; client-ip=;; envelope-from=""; x-sender=""; x-conformance=spf_only; x-record-type="v=spf1"; x-record-text="v=spf1 ip4: ip4: ip4: ip4: +mx -all"
Received-SPF: None ( no sender authenticity information available from domain of identity=helo; client-ip=;; envelope-from=""; x-sender=""; x-conformance=spf_only
IronPort-SDR: czVtZW+iOLisXABtQfivxis5vzZfXC+yT/rKbcbU7FILjsDo13eQK5GC0/Oq9EVOJlmjEb5lJ/ 4dc3iGWRWP9qeoOCStHOjuiG9p40SfnOVNK/zejvpNn8L09/0U2Itb8VUTddDnX4kO+oMO12Yu SMTPCzNAvIkGVcG+Up+R21WzGC8nFlUjRg8TngQOjcX3vC2mC6Eoyxjv2lMEWopXJMJPP2M80r Qyh+3frm391BV0LZWUCvCk3bsrl3i3NKbwbmwFThe13m2/GhnsZMmXDak74L6v3jh/YPOsdkYI +OA=
X-IronPort-AV: E=Sophos;i="5.60,252,1549926000"; d="scan'208";a="1863314"
Received: from (2002:c1f7:37a0::c1f7:37a0) by (2002:c1f7:37a0::c1f7:37a0) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Thu, 21 Mar 2019 14:00:47 +0100
Received: from ([fe80::28c1:e4c1:2f2e:11fc]) by ([fe80::28c1:e4c1:2f2e:11fc%13]) with mapi id 15.00.1130.005; Thu, 21 Mar 2019 14:00:47 +0100
From: DAMY gustavo <>
To: John R Levine <>
CC: "" <>, Bernie Hoeneisen <>
Thread-Topic: [dmarc-ietf] Email security beyond DMARC?
Thread-Index: AQHU3093v/AeslasNkiUwE096qOcBKYWC7zA
Date: Thu, 21 Mar 2019 13:00:46 +0000
Message-ID: <>
References: <20190319184209.804E42010381DB@ary.qy> <> <alpine.OSX.2.21.1903201042010.79863@ary.qy>
In-Reply-To: <alpine.OSX.2.21.1903201042010.79863@ary.qy>
Accept-Language: en-GB, fr-CH, en-US
Content-Language: en-US
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [dmarc-ietf] Email security beyond DMARC?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 21 Mar 2019 13:01:05 -0000

Dear John,

But if the AIM is to have an end to end easier to implement encryption +  phishing protection, probably it would make sense? 
This will not reduce the SPAM but using DMARC and properly tune the policy P=reject; pct=100 would help to secure the content and reduce the phishing,  (and sure definitely will not help  to avoid SPAM)  from those compromised accounts.

> If pEp is applied on top of existing email infrastructure (which is 
> likely the case in most scenarios), DMARC can also be used in 
> conjunction with pEp emails.

DMARC has never been an anti-spam scheme.  It's about phishing, which is not the same thing.