On 6/18/20 3:42 PM, Dave Crocker wrote:
>
> And now I'll note that when DMARC moved from being a way to
> authenticate a tightly controlled mail stream, as was originally
> discussed during its development, into its broader role, I expressed
> the same concern that a correlation not inherently tied to the
> misbehavior is one easily routed around. 
>
> However, there is too much industry force behind this broader use of
> DMARC for such simple logic to have any useful effect.  Rather, we'll
> just have to wait for the bad actors to catch on. 
>

It would be remarkable for IETF to achieve rough consensus on a
specification with a known vulnerability while we "wait for the bad
actors to catch on." Particularly when that vulnerability relates to an
aspect of the specification that has caused widespread deployment problems.


_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to