Re: [dmarc-ietf] Rethinking DMARC for PSDs

Ken O'Driscoll <> Mon, 08 April 2019 14:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2415A120416 for <>; Mon, 8 Apr 2019 07:28:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FUKyvFuHAhZP for <>; Mon, 8 Apr 2019 07:27:59 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4577E120415 for <>; Mon, 8 Apr 2019 07:27:59 -0700 (PDT)
Received: from localhost []
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=mail; t=1554733677; bh=5Btz/7/hagYSz5fjjj3Jrso9ULoKGYzwwsHeOF3L1Nk=; h=Subject:From:To:Date:In-Reply-To:References; b=tKEAMz5dV5olYDgTZ3Wi7OdTHK7CjZzrk6nF9BKFK1cXMOVZwhosE1qshArCEUe+e dGGEIqs0tVTzxXK12bu0GCkNLYgMiL6jb5TLWHp14tE/Fc+pcHzB39dvN7zkqwfKzH VHtLcQz2fNtxodSKzoVUC/9S3jG+JBgae41WdsCE=
Message-ID: <>
From: Ken O'Driscoll <>
Date: Mon, 08 Apr 2019 15:27:55 +0100
In-Reply-To: <>
References: <20190408005045.5EC462011B2BFE@ary.qy> <> <alpine.OSX.2.21.1904080939220.13124@ary.qy> <>
Organization: We Monitor Email
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.30.5 (3.30.5-1.fc29)
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.101.2 at
X-Virus-Status: Clean
Archived-At: <>
Subject: Re: [dmarc-ietf] Rethinking DMARC for PSDs
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 08 Apr 2019 14:28:08 -0000

On Mon, 2019-04-08 at 09:50 -0400, Douglas E. Foster wrote:
> My focus is on defining a framework for discussing product capabilities,
> while leaving room for vendors to add value above the minimum
> configuration.

That sounds more like what organisations such as Gartner are there for as
opposed to the IEFT. And they do a fairly good job in framing vendor
selection processes.

> Demonstrating email legitimacy is essentially a protocol between sender
> and receiver.   IETF has only defined one half of the protocol, so why
> should we be surprised that the conversation is broken.   Expertise can
> be assembled; the task is desperately needed.

That's not exactly true. The protocols do explain how a receiver should
implement them from a technical perspective. That ensures that there is no
divergence between how say a SPF record is interpreted on a product by
product basis. What they don't do, and what you appear to be alluding to,
is proscribe how receivers should filter spam, and more specifically forged
sender addresses from non-existent domains.

The IETF don't make such proscriptions because a) it's off-mission and b)
there is no one size fits all spam filter configuration.

What works for a small office would be unsuitable for a large corporation,
what works for a large corporation would be unsuitable for a hospital with
a similar number of users and in turn, dealing with millions of users
requires a completely different approach all together.

> In the interim, I am open to recommendations for good spam filters.   I
> have been trying to avoid disparaging the bad ones by name in a public
> forum.

This list isn't the appropriate place for that discussion as it does not
pertain to DMARC, despite the fact DMARC might be baked into some spam
filtering solutions.

Your starting point should be proper functional requirements specific to
your organisation.