On 6/18/20 3:42 PM, Dave Crocker wrote: > > And now I'll note that when DMARC moved from being a way to > authenticate a tightly controlled mail stream, as was originally > discussed during its development, into its broader role, I expressed > the same concern that a correlation not inherently tied to the > misbehavior is one easily routed around. > > However, there is too much industry force behind this broader use of > DMARC for such simple logic to have any useful effect. Rather, we'll > just have to wait for the bad actors to catch on. >
It would be remarkable for IETF to achieve rough consensus on a specification with a known vulnerability while we "wait for the bad actors to catch on." Particularly when that vulnerability relates to an aspect of the specification that has caused widespread deployment problems. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc