DMARC -> CERT?

Michael Thomas mike at mtcc.com
Thu Apr 17 14:02:03 UTC 2014


On 04/16/2014 09:19 PM, Private Sender wrote:
>
> I'm sorry but is there a fundamental misunderstanding of dmarc going on
> in this thread? Yahoo doesn't want you to be able to send "@yahoo.com"
> email from anything other than THEIR servers which contain the private
> key that corresponds to their DKIM implementation, and conversely dmarc.
> "p=reject" tells the receiving domain to reject the message if it isn't
> signed by the private key that corresponds with the public key that is
> in the dkim txt record for "yahoo.com"
>
> Isn't this the whole point of dmarc? Stop spammers from sending email
> with "@yahoo.com" that doesn't originate from a valid yahoo email server.

There fundamental misunderstanding is the assumption that DKIM signatures
are never broken for valid uses of mail. They are. Would things be so 
simple.

Mike




More information about the NANOG mailing list