[171060] in North American Network Operators' Group
Re: DMARC -> CERT?
daemon@ATHENA.MIT.EDU (Michael Thomas)
Thu Apr 17 10:02:54 2014
Date: Thu, 17 Apr 2014 07:02:03 -0700
From: Michael Thomas <mike@mtcc.com>
To: nanog@nanog.org
In-Reply-To: <534F5646.4050805@snovc.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 04/16/2014 09:19 PM, Private Sender wrote:
>
> I'm sorry but is there a fundamental misunderstanding of dmarc going on
> in this thread? Yahoo doesn't want you to be able to send "@yahoo.com"
> email from anything other than THEIR servers which contain the private
> key that corresponds to their DKIM implementation, and conversely dmarc.
> "p=reject" tells the receiving domain to reject the message if it isn't
> signed by the private key that corresponds with the public key that is
> in the dkim txt record for "yahoo.com"
>
> Isn't this the whole point of dmarc? Stop spammers from sending email
> with "@yahoo.com" that doesn't originate from a valid yahoo email server.
There fundamental misunderstanding is the assumption that DKIM signatures
are never broken for valid uses of mail. They are. Would things be so
simple.
Mike
