Let’s imagine DMARC as a security guard for your emails. It checks every email to make sure it’s from who it says it’s from. But like any good security guard, DMARC had to make some decisions about how it does its job. Here are some of those decisions:
1. S/MIME
Think of S/MIME like a special ID card that can prove who sent an email. Some people suggested DMARC should use S/MIME as a third way to check emails. But S/MIME is more like a person-to-person ID, not a company-to-person ID, which is what DMARC needs. Plus, S/MIME has some problems, like how to share the keys to read the ID cards. So, DMARC decided not to use S/MIME for now.
2. Method Exclusion
Imagine if DMARC could tell its security guards to only check for certain types of ID. This was suggested, but DMARC decided not to do it. If a company’s ID system isn’t working well, they have a few options. They can fix their system, use a different ID system, or use DMARC just to report problems, not to block emails.
3. Sender Header Field
The Sender Header Field is like the return address on a letter. Some people suggested DMARC should check this. But not all email programs show this address, and it can be easily faked. So, DMARC decided not to check it.
4. Domain Existence Test
This is like checking if the return address on a letter is a real place. DMARC used to do this, but it found that it made too many mistakes. So, it stopped doing it.
5. Issues with ADSP in Operation
ADSP is like an older version of DMARC. DMARC learned a lot from ADSP’s problems. For example, ADSP couldn’t protect subdomains (like “security.example.com”), didn’t work well with SPF (another type of email ID), and couldn’t be rolled out slowly. DMARC was designed to avoid these problems.
6. Organizational Domain Discovery Issues
This is like trying to protect a company’s main office and all its branches. ADSP could protect the main office, but not the branches. DMARC can protect both, but it’s not perfect. It uses a list of public suffixes (like “.com” or “.org”) to figure out the main office’s address. But if different people use different lists, it can cause problems.
Remember, this is a simplified explanation. In reality, using DMARC involves a lot of complex processes and technologies. But just like a security guard protecting a building, it’s all about making sure your emails are secure and trustworthy.
Was this helpful?
0 / 0