On 6/4/20 10:39 PM, Dotzero wrote: > > The goal of DMARC was (and is) to mitigate direct domain abuse. > Nothing more and nothing less. It helps receiving systems identify a > (correctly) participating domain's mail. That is why a DMARC policy is > often described as a sending domain's request and local policy is so > important (and can override that request). I'm not clear on what kind of direct domain abuse you're referring to. If we accept that domain names are either not visible or are ignored by the recipient, the domain name doesn't matter much as long as the attacker can get their message delivered, and DMARC doesn't apply because they're using their domain. > > For attackers that deploy DMARC it simply means that they are self > identifying their malicious messages as theirs. No, DKIM and SPF do that. DMARC doesn't have anything to do with identifying messages. > > For Sending domains, SPF/DKIM/DMARC is only one set of tools in > protecting their brand from abuse. It protects end users from abuse. > In fact, in many cases the individuals most susceptible to falling > prey to such abuse may not even be customers of that sending domain. > No, that greeting card you received isn't legit (Nobody loves you). > No, that retailer isn't giving you a $200 gift card. This is why other > tools like takedowns are so important and why the removal of > registrant information from domain registrations has enabled abusers.
So maybe the core question here is, does the identity in the domain name matter or not? It does to me personally because I look at it (whenever I can -- my iPhone doesn't make it easy to display) and I pay attention to it. But I know I'm not a typical user, and I also see increasing evidence of mail client software that doesn't show anything but the Friendly Name. So is there a "brand" associated with the email domain name any more? If the domain name doesn't matter, the binding to the From/Signer address doesn't either. -Jim
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
