[166698] in North American Network Operators' Group
Re: Email Server and DNS
daemon@ATHENA.MIT.EDU (Dave Crocker)
Mon Nov 4 10:22:36 2013
Date: Mon, 04 Nov 2013 07:21:30 -0800
From: Dave Crocker <dhc2@dcrocker.net>
To: nanog@nanog.org
In-Reply-To: <20131104041109.2905.qmail@joyce.lan>
Reply-To: dcrocker@bbiw.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 11/3/2013 8:11 PM, John Levine wrote:
>> I would recommend you go a
>> step further and use DKIM, ADSP, and DMARC.
>
> Using DKIM is a good idea. Do *not* use ADSP. It is a failed
> experiment which will provide no benefit and considerable pain.
+1
> If you believe that your domain is heavily forged (which if you are
> not Paypal, Facebook, or a large bank or ISP, it almost certainly is
> not), you can set up a DMARC record to collect some statistics about
> what mail other people are getting that appears to be from you. Do
> not try to use DMARC to tell people to quarantine or reject your mail
> until you are really sure you understand the statistics you're
> getting.
+1
The 'reporting' function in DMARC appears to have wide applicability and
substantial benefit. The handling (rejection, etc.) function has very
narrow benefit.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
