On 6/6/20 2:42 PM, Scott Kitterman wrote: > On Saturday, June 6, 2020 5:26:08 PM EDT Dave Crocker wrote: >> On 6/6/2020 2:23 PM, Scott Kitterman wrote: >>> If things like DMARC, SPF, and DKIM do nothing more than get abusers to >>> use >>> different domains than they would otherwise, I think that's a win. >> The issue here is DMARC, not SPF or DKIM, since DMARC is the only one of >> the 3 that restricts the choice of domain name. >> >> With that in mind, I'll ask you why you think the kind of change you >> cite is a win. > 1. I think the domain displayed to the end user matters. In my sample size > of 1, it matters to me. I know I'm not the average user, but independent of > the question of how many users it matters to, there are some. Same with me, but again I'm not the average user. > > 2. When abusers use different domains to send mail, it adds more information > for filters to work on, so even if this is all about filtering, that works > better too.
But when abusers use different domains, the DMARC policy that applies is controlled by them and is therefore meaningless. And the reports, if any (probably none), are sent back to the attacker or their designate. Filtering might be done based on the DKIM signing domain or the envelope-from domain if SPF is used, but neither of those require DMARC. -Jim _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
