Re: [dmarc-ietf] Some Gmail comments on DMARCbis version 28

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In message , Douglas Foster writes >The coverage problem is aggravated if we assume rational attackers. >  With a plethora of domains available for impersonation, attackers >are least likely to use domains that are protected with

Re: [dmarc-ietf] Some Gmail comments on DMARCbis version 28

All the best, Hector Santos > On Sep 13, 2023, at 8:51 PM, Dotzero wrote: > > > > On Wed, Sep 13, 2023 at 5:28 PM Hector Santos > wrote: >>> On Sep 11, 2023, at 9:24 AM, Dotzero >> > chastised Douglas Foster >>> >>> Absolutely incorrect.

Re: [dmarc-ietf] Some Gmail comments on DMARCbis version 28

Let's analyze the problem Jim raises, using it to answer Hector's question about where responsibility lies. Our assumed reference model is a fully automated, by-the-spec implementation of RFC 7489. In particular, this means that: - when p=none, unauthenticated messages are never obstructed, for

Re: [dmarc-ietf] Some Gmail comments on DMARCbis version 28

On Wed, Sep 13, 2023 at 5:28 PM Hector Santos wrote: > On Sep 11, 2023, at 9:24 AM, Dotzero chastised > Douglas Foster > > Absolutely incorrect. DMARC is a deterministic pass|fail approach based on > validation through DKIM or SPF pass (or if both pass). It says nothing > about the

Re: [dmarc-ietf] Some Gmail comments on DMARCbis version 28

> On Sep 11, 2023, at 9:24 AM, Dotzero chastised Douglas > Foster > > Absolutely incorrect. DMARC is a deterministic pass|fail approach based on > validation through DKIM or SPF pass (or if both pass). It says nothing about > the acceptability/goodness/badness of a source. So why are we