Mad Max's response to a note from dmarcian

Three days ago, I opined that the Supreme Court ruling could make it illegal to use dmarcian for email security (see my post here). Here is dmarcian's comment:

Thanks for writing about dmarcian! It's fun to see how DMARC is being recognized as critical to online safety. dmarcian offers DMARC support to all sizes, ranging from free accounts to enterprise-level support. Our free trial allows people to see how our system works. Sometimes organizations trial but then have their own internal prioritizations before they continue with DMARC deployment. Although you come to the wrong conclusions about Zappos and dmarcian, it's really great that you're recognizing the importance of DMARC. Thank you!
My reply:

Since I've been unambiguously ragging on dmarcian, I owe you a concise response.

First, you treated this blog as an opportunity to sell, avoiding the issue of why you aren't addressing your customers' protection by insisting on DMARC enforcement. And how am I wrong about Zappos? Security vendors ought to be contractually obligated to protect their customers. One "F" grade there for you. But more importantly, and critical to your whole architecture is point number two.

Your founder Tim Draegen (and I believe Agari founder Patrick Peterson) claim to be "fathers" of the DMARC specification. So besides DMARC having two dads - not that there's anything wrong with it - everyone knows DMARC was a committee-generated muck-up (yeah, I'm trying to watch my language). Neither of your two companies can manage to get FedRAMP certified for the DoD (DHS BOD 18-01 specification). In other words, the government doesn't trust you, probably because your technology reveals PII (Personally Identifiable Information) as you "protect" your customers. If the DoD doesn't trust you, then neither do I.

Ergo, you get two big, fat zeros from Mad Max in MadCISO. You want to continue this dialogue? Be my guest.
