On 7/31/20 2:30 PM, John Levine wrote: > In article <b3dd7a3d-1dca-1ece-94f1-42b1e4a58...@wisc.edu> you write: >> I think you're right, and isn't the market indicating that there is demand >> for DMARC designed for other usage patterns? e.g. >> Would the CEO of any of those fortune 500 companies like the idea of their >> personal address being spoofed? > > I dunno.
Well, they are probably unaware when the spoofing occurs (ignorance is bliss), but I know from experience that they (people important enough to complain top-down through management) don't like being the victim of backscatter floods as a result of spoofed return-paths. Same for list bombing (which seems to be increasingly weaponized against our VIPs). It isn't spoofing but list bombing seems to create a similar amount of consternation when I tell them that there's not much that can be done to prevent or mitigate it. > Would they like the idea of mail their assistants send out for them being > silently discarded because it's falsely tagged as being "spoofed"? That's the dilemma. They also don't like their address being changed by mailing lists, but that's what we're stuck with giving them. I think they want their IT staff to deploy an email system and policies that work the way they would expect. They want their organization to be seen as secure, so they don't want to be on the Buzzfeed list of Fortune 500 companies that have neglected to secure their domains with DMARC. Jesse _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc