On Tue, Jun 2, 2020 at 4:02 PM Dave Crocker <dcroc...@gmail.com> wrote:
> On 6/2/2020 3:53 PM, Seth Blank wrote:
> > The point I was trying to make is that consumers are susceptible to
> > fraud,
>
> Of course they are. Unfortunately, that point is irrelevant, because it
> isn't the question at hand.
>

Dave, this is exactly the point where I think we're on different pages.

The From: domain matters because its contents affect user behavior. Unless I'm deeply misunderstanding your earlier posts (and I'm glad to be wrong here), you don't appear to believe this to be true.

Alignment matters, because it ensures that the domain which is authenticated matches what the user sees in the inbox (because, rightly or wrongly, inboxes show the contents of the From: header field). When this match fails, a message can be rejected before it's ever in front of a user and capable of causing confusion or fraud.

The point is NOT to change user behavior due to what is presented in the From:, it is to prevent manipulation of user behavior by only allowing From: domains to be displayed if they have been authenticated.

Your argument seems to be that you don't believe that spoofing the From: domain leads to user impact, or am I completely misunderstanding you?

Seth
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
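
The alignment check discussed in the message above, as an added example that is not part of the original thread or of any DMARC implementation. It compares the From: header domain against domains that already passed SPF or DKIM. The function names, the single `strict` flag (real DMARC sets the mode per mechanism) and the tiny `PUBLIC_SUFFIXES` set are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List (assumption: a real
# evaluator loads the full list to find organizational domains).
PUBLIC_SUFFIXES = {"com", "org", "co.uk"}

def org_domain(domain):
    """Organizational domain: the longest public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # fallback when no suffix is known

def from_domain(header_value):
    """Domain of the From: header field, the identifier the inbox shows."""
    addr = parseaddr(header_value)[1]
    _local, at, domain = addr.rpartition("@")
    return domain.lower() if at else ""

def aligned(auth_domain, visible_domain, strict=False):
    """Strict: exact match. Relaxed: same organizational domain."""
    if strict:
        return auth_domain.lower() == visible_domain
    return org_domain(auth_domain) == org_domain(visible_domain)

def dmarc_pass(from_header, spf_pass_domain=None, dkim_pass_domains=(),
               strict=False):
    """True if any already-authenticated domain aligns with From:."""
    visible = from_domain(from_header)
    if not visible:
        return False  # no usable From: domain, nothing can align
    candidates = [d for d in (spf_pass_domain, *dkim_pass_domains) if d]
    return any(aligned(d, visible, strict) for d in candidates)

if __name__ == "__main__":
    # Constructed sample messages: (From:, SPF-passing domain, DKIM d= values)
    samples = [
        ('"Example Bank" <billing@example.com>', None, ["mail.example.com"]),
        ("billing@example.com", "bulk-sender.org", []),
    ]
    for hdr, spf, dkim in samples:
        print(hdr, "->", "pass" if dmarc_pass(hdr, spf, dkim) else "fail")
```

The second sample shows the case the message describes: SPF passed, but for a domain unrelated to the one shown in From:, so the result is a failure that a receiver can act on before the message is displayed.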