Re: DMARC Deployment

[Brian Epstein <bepstein () IAS EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/21/2015 03:09 PM, Derek Diget wrote:
> When you find these "legitimate third parties" are you contacting
> them to inquire why they feel they need to send emails with an
> envelope from address (RFC5321.MailFrom) that is not from one of
> their own domains?

All good points.  I was under the impression that SPF was using the
sender's IP address for verification.  Thus, I figured that I would
need to add Constant Contact into my SPF record as a trusted sender
for my domain.

http://support2.constantcontact.com/articles/SupportFAQ/1768?q=spf&l=en_
US&fs=Search&pnx=1

I agree, DKIM is better to authenticate the source, but I'm just
starting with SPF2 for now.

Thanks,
ep

- -- 
Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
Manager, Network and Security           Institute for Advanced Study
Key fingerprint = A6F3 9F5A 26C5 5847 79ED  C34C C0E5 244A 55CA 2B78
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWJ+w8AAoJEMDlJEpVyit4AfcQAItDTFPvVOppmToF+zvhewC6
HRH/D2hWJrIzSt8K1do9QEpK+4yIHaf4a7/igisexWJc3+tPKBak6Q6S1QZ3+GTQ
gcUm5hUWfZ6W4F+DgB1ZgmDMJe+Qn5hokHjyK7gLw7SxBHJdeL1cCtgSKtcI4swh
NIzPVQkyAnJGrwbG1OTs1LMZc0F/TlQDq/TgTkSnRzEnpT05Vc5riC6fBBXehXC3
gf9vafqYZS08zhbZZtZVrhRGIjM3nwegF/mrQRY+6FRoF5F1Q1R+AZ0sPRSoabUa
z+N1VYPJ0dnEQnq8Y7GHg9xJh/w1I/972jCdvXz9bXxvO5QeIWbxaWnNi0C3+gHd
hbKN/YYzI2ZC8n7UWPs0Ei5t/ypvaz7tXpMdMbw+Ipx9ysi8kwQ3J8CYhfg0SAJa
T5qRhu4rRDFyQfD0RfQJePTtD1CCez8mcjJ2JzfFheWweWu6t0OvXytAIJWHrifh
PE4Dm9bhmMo1vrl7HedOsBEXM3uES08IcbHnQbam3pTi3w4rWxO4OgOgR3jOM2wo
ty9omMo7xniUAZWtGyAsImD6fAZvu/yNW2Or8uUeP8+kULfA3MTnf6OgD3DIdePN
WU9ccpfT5/8dnt31/gZJmjSLIVSBt4WCVFMrwSeWH9I+iu11vrAbW8Atu4/SD8Uv
79C78Wbrh5VwPVFbCrmh
=sdLF
-----END PGP SIGNATURE-----