nanog mailing list archives

Re: SPF/DKIM/DMARC et.al.: REALLY LONG [was: is it just me or...]


From: John Levine via NANOG <nanog () lists nanog org>
Date: 5 Jul 2025 22:06:01 -0400

It appears that Michael Thomas via NANOG <nanog () lists nanog org> said:
> The research paper I pointed to disagrees. It's not a panacea, but it's
> helpful.

I took a look at the paper and was underwhelmed. They were shocked to find that
most of the Alexa top 1000 don't have DKIM or DMARC records, and well, duh,
that's intended to be a list of the top 1000 web domains most of which don't do
mail at all. For the ones that did do DKIM and DMARC, the mail systems did a
reasonable job of keeping the forged mail out.

You can start with this one:

https://addons.thunderbird.net/en-US/thunderbird/addon/dkim-verifier/

> Authentication-Results is not intended by itself to be a UI element, so
> that's not what I'm talking about. Any effort would require
> collaboration with security human factors experts for starters.

A-R tells you whether the DKIM, SPF, and DMARC validations passed.  What else
would you expect to show?  And why do it in the UI rather than at delivery time?

R's,
John
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/CTWHM5RKBMP7XZOC52EIKQVQ3SOYVXK7/
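The message above notes that Authentication-Results already records whether DKIM, SPF and DMARC passed and can be acted on at delivery time. The following is an added example, not part of the original message or of any tool it mentions: a parser for that header that only trusts results stamped by the receiver's own MTA. The authserv-id `mx.example.net`, the sample message and the verdict names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

TRUSTED_AUTHSERV_ID = "mx.example.net"  # assumption: our border MTA's authserv-id

# Constructed sample. Headers are prepended, so the first A-R was written by
# our MTA and the second one arrived with the message (sender-controlled).
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=example.org header.s=sel1;
 spf=pass smtp.mailfrom=bounce@example.org;
 dmarc=pass (p=reject) header.from=example.org
Authentication-Results: forged.invalid; dkim=pass header.d=bank.example; dmarc=pass
From: Alice <alice@example.org>
Subject: constructed sample

body
"""

def parse_authres(value):
    """Return (authserv-id, {method: [results]}) for one A-R header value."""
    value = re.sub(r"\([^()]*\)", " ", value)       # drop RFC 5322 comments
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0].lower() if parts[0] else ""
    results = {}
    for part in parts[1:]:
        m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
        if m:  # one method may repeat, e.g. several DKIM signatures
            results.setdefault(m.group(1).lower(), []).append(m.group(2).lower())
    return authserv_id, results

def delivery_verdict(raw_message, trusted=TRUSTED_AUTHSERV_ID):
    """Illustrative policy keyed on the DMARC result from our own MTA only."""
    msg = message_from_string(raw_message, policy=default)
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_authres(str(value))
        if authserv_id != trusted:
            continue  # never act on results someone else stamped
        dmarc = results.get("dmarc", ["none"])
        if "pass" in dmarc:
            return "deliver"
        return "quarantine" if "fail" in dmarc else "deliver-unauthenticated"
    return "no-trusted-results"

if __name__ == "__main__":
    print(delivery_verdict(SAMPLE))
```

Matching on the authserv-id is only sound when the border MTA also strips inbound Authentication-Results headers that claim its own identifier, as RFC 8601 section 5 describes.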

