Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

Hector Santos <> Mon, 28 April 2014 12:26 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 7FAE11A09E6 for <>; Mon, 28 Apr 2014 05:26:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -99.301
X-Spam-Status: No, score=-99.301 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ZhRT2MhoSQJD for <>; Mon, 28 Apr 2014 05:25:59 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 730001A0710 for <>; Mon, 28 Apr 2014 05:25:58 -0700 (PDT)
DKIM-Signature: v=1;; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1307; t=1398687950; h=Received:Received: Received:Received:Message-ID:Date:From:Organization:To:Subject: List-ID; bh=w7nfsJKBb6oddul+pnv+rIKdIcE=; b=HKXMIRx78xHJ9h8H2Saf nWRUJFxJPp/UumrR6Wzx0F5p6jThBB+gmGSpqntSJJO0wmmh1J/cm3iZA76WOuqo KxVHpBkv914wBnPhmtoc4x1PaDfffif32K+ZxrFODjh1QxM+dRN+XJVv1FMIFlL5 WnLX++E2j1lvQyybJ5o1+TA=
Received: by (Wildcat! SMTP Router v7.0.454.4) for; Mon, 28 Apr 2014 08:25:50 -0400
Authentication-Results:; dkim=pass header.s=tms1; adsp=pass policy=all;
Received: from ( []) by (Wildcat! SMTP v7.0.454.4) with ESMTP id 1796514767.7985.2420; Mon, 28 Apr 2014 08:25:50 -0400
DKIM-Signature: v=1;; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1307; t=1398687859; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=VlhNrna Qjfp0OeHKukgY6/kGdAY2jTAdNx7+kHrsbTw=; b=OnZutmDUQvb89353xyP3fS6 Wb7Vf4n8n0qMJbcdMYHazlHrHClECODlKyKjHCB1TS4eAXQALaKvlBkRQmwjX8zE ZrN2Lv9yLeyHkgBM51gIcG8Zy0XvusOJQkILhyz+QfL8UrmqoF11vVi92WfYTVlp EcAW6cuqeabuYBrzifcU=
Received: by (Wildcat! SMTP Router v7.0.454.4) for; Mon, 28 Apr 2014 08:24:19 -0400
Received: from [] ([]) by (Wildcat! SMTP v7.0.454.4) with ESMTP id 1816035375.9.1856; Mon, 28 Apr 2014 08:24:18 -0400
Message-ID: <>
Date: Mon, 28 Apr 2014 08:25:43 -0400
From: Hector Santos <>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: "Murray S. Kucherawy" <>, Miles Fidelman <>
Subject: Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
References: <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: ietf <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 28 Apr 2014 12:26:02 -0000

On 4/25/2014 12:32 PM, Murray S. Kucherawy wrote:
> On Fri, Apr 25, 2014 at 9:16 AM, Miles Fidelman
> < <>> wrote:
>     Thanks for the citation!  Also see below...
> I'm just curious: Is anyone on this thread a lawyer?
> -MSK


You don't need to be a lawyer to understand one's ethical engineering 
obligations. Generally, it would the product development engineer that 
recognizes ethical design issues and product liability issues and it 
would be him/her that would bring a particular issue with their legal 
council.   There has been similar (mail blocks) court/lawsuits 
precedence for what has been described in this thread.

Keep in mind what DMARC purports to offer.  If someone intentionally 
and neglectfully ignores it knowing full well that it can be used as a 
highly reliable fraud detection mechanism which the domain owner has 
given you full authorization to apply ("reject"), if you don't, well, 
that will put you at risk -- despite local policy overrides. Don't let 
yourself hide behind local policy. It may ultimately excuse you with 
the changes in some laws in the past decade, but it won't eliminate 
you from risk.

Hector Santos/CTO
Santronics Software, Inc.