Re: [dmarc-ietf] Email security beyond DMARC?

Bernie Hoeneisen <> Mon, 18 March 2019 12:57 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D5F92131137 for <>; Mon, 18 Mar 2019 05:57:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DRyXDFlNARNN for <>; Mon, 18 Mar 2019 05:57:56 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 34E9813110F for <>; Mon, 18 Mar 2019 05:57:56 -0700 (PDT)
Received: from localhost ([]) by with esmtp (Exim 4.86_2) (envelope-from <>) id 1h5rpy-0001RP-29; Mon, 18 Mar 2019 13:57:54 +0100
Date: Mon, 18 Mar 2019 13:57:54 +0100 (CET)
From: Bernie Hoeneisen <>
To: "Douglas E. Foster" <>
In-Reply-To: <>
Message-ID: <>
References: <>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
X-SA-Exim-Scanned: No (on; SAEximRunCond expanded to false
Archived-At: <>
Subject: Re: [dmarc-ietf] Email security beyond DMARC?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Mar 2019 12:58:10 -0000

Hi Doug

On Sat, 16 Mar 2019, Douglas E. Foster wrote:

> I tried to understand what IETF is doing about email security, and this 
> working group seems to be the only surviving effort.  Based on the 
> index, the groups attention is focused on polishing the existing DMARC 
> implementaton rather than plowing new territory.  Given the devastating 
> effect of WannaCry and the success of other email-based attacks, I think 
> our work is far from finished.

You may want to have a look on some upcoming work. We just started a new 
mailing list, which includes the topic of email security:

  MEDUP -- Missing Elements for Decentralized and Usable Privacy

To subscribe:


Please find more information on:



The former also includes a list of Internet-Drafts describing the MEDUP 

Please be also informated that the LAMPS WG has requested a new work item 
on email header protection to be added to its charter.

Hope that helps!


Modern Telephony Solutions and Tech Consulting for Internet Technology