Re: [dmarc-ietf] Email security beyond DMARC?

DAMY gustavo <> Tue, 19 March 2019 18:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8B57F1315B5 for <>; Tue, 19 Mar 2019 11:03:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SqdDrpAeOB8c for <>; Tue, 19 Mar 2019 11:03:12 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E6D5D1315D5 for <>; Tue, 19 Mar 2019 11:03:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=default; t=1553018590; x=1584554590; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=W43eVN1pIH7tuqpQyAG131OI7VRY1GswGUH4dmmAtCE=; b=kEDOpjGqZguaXzXq01pbtyKyzajMbpkegDZqk1qetxpjgKkxEZlBAMu3 IlxrjAc5WNwD0pKlt9If3ivhIURjBBLZMSBAWds5xOHmQ/htkt3GWTUrj 65Ap+9voAyCDJNXk/7C2cmrWr2iX/h2J9Hh1QnBpo/MLxRcMl02MPapTr JlNFgnAT1+hIiO/JR1FeY7B7qp6A737JRVKBxOel//o7Det1Qf3vghvbV 87WSz8J2+9IYZuV6mahDvyQhimrruKYtkTu+vuSdZKBGbdjoqEyj9CxPW 1vIXpp+3A1RUUJ1JhMWCWb1whcWy3YjpiHW0e5+WubAZRj3NAu7odpKRb g==;
Authentication-Results:; spf=Pass; spf=None
Received-SPF: Pass ( domain of designates as permitted sender) identity=mailfrom; client-ip=;; envelope-from=""; x-sender=""; x-conformance=spf_only; x-record-type="v=spf1"; x-record-text="v=spf1 ip4: ip4: ip4: ip4: +mx -all"
Received-SPF: None ( no sender authenticity information available from domain of identity=helo; client-ip=;; envelope-from=""; x-sender=""; x-conformance=spf_only
IronPort-SDR: XYy2s1P7kRtsFX6A942bD+NmYVALq8yQJdFRk9+L+IjURluD1+9qHzD+h7/oelxaf6aa9ldlGZ IVQCob39SdWd5cLi1Pc9XZIcXB9AV7OPwrB9vrO0SH25JKfBhIYNlnAYf5VQmsDMBzBiyV6k2r gYItE7CHqdJxk+L9tHTqxig07LOg38s22Y6z9fUpypIr3prDv4z6aJCyvqezOjYx7JDgBCaEM1 BKTNzE0BxgI6EFVwP3LmiLYNOlR0pJBpLBep/l/cukzV7+swfmKqaR/wIUzR7Q8ThK6WzIgaCX DB4=
X-IronPort-AV: E=Sophos;i="5.60,245,1549926000"; d="scan'208";a="1890599"
Received: from (2002:c1f7:37a0::c1f7:37a0) by (2002:c1f7:37a0::c1f7:37a0) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Tue, 19 Mar 2019 19:03:00 +0100
Received: from ([fe80::28c1:e4c1:2f2e:11fc]) by ([fe80::28c1:e4c1:2f2e:11fc%13]) with mapi id 15.00.1130.005; Tue, 19 Mar 2019 19:03:00 +0100
From: DAMY gustavo <>
To: "" <>
CC: Bernie Hoeneisen <>
Thread-Topic: [dmarc-ietf] Email security beyond DMARC?
Thread-Index: AQHU3b0Xv/AeslasNkiUwE096qOcBKYTO0Dw
Date: Tue, 19 Mar 2019 18:02:59 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-GB, fr-CH, en-US
Content-Language: en-US
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [dmarc-ietf] Email security beyond DMARC?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 19 Mar 2019 18:03:18 -0000

Very useful links Bernie, thanks for the info.
I wonder if this working group will eventually will make reference  to the concept of PeP  protocol to reinforce the usage of DMARC  you are mentioning below? 

Best Regards
Gustavo Damy

-----Original Message-----
From: Bernie Hoeneisen <> 
Sent: Monday, March 18, 2019 1:58 PM
To: Douglas E. Foster <>
Subject: Re: [dmarc-ietf] Email security beyond DMARC?

Hi Doug

On Sat, 16 Mar 2019, Douglas E. Foster wrote:

> I tried to understand what IETF is doing about email security, and 
> this working group seems to be the only surviving effort.  Based on 
> the index, the groups attention is focused on polishing the existing 
> DMARC implementaton rather than plowing new territory.  Given the 
> devastating effect of WannaCry and the success of other email-based 
> attacks, I think our work is far from finished.

You may want to have a look on some upcoming work. We just started a new mailing list, which includes the topic of email security:

  MEDUP -- Missing Elements for Decentralized and Usable Privacy

To subscribe:


Please find more information on:



The former also includes a list of Internet-Drafts describing the MEDUP challenges.

Please be also informated that the LAMPS WG has requested a new work item 
on email header protection to be added to its charter.

Hope that helps!


Modern Telephony Solutions and Tech Consulting for Internet Technology