On 12/9/2020 9:52 AM, tjw ietf wrote:
Obviously the domain owner has no 'authority' over those using the
domain without authorization. For this latter set of folk, the most
the domain owner can do is provide information to receivers of
unauthorized use.
It might be worth a bit of thinking about what, exactly, DMARC can
reasonably do and how it should be summarized, for popular consumption:
*Alignment - *DMARC defines a basis for authenticating use of the
domain name in the rfc5322.From addr-spec. (But nothing else in
that header field or elsewhere in the message, neither header nor body.
*Severity of unauthorized use - *DMARC provides a means of
indicating to receivers how serious the domain owner considers
unauthorized use of that domain name to be.
*Reporting -* DMARC defines a mechanism for reporting DMARC-related
activity by a receiver
I've tried to state each of these precisely and accurately, in terms of
real-world pragmatics.
Comments?
d/
--
Dave Crocker
dcroc...@gmail.com
408.329.0791
Volunteer, Silicon Valley Chapter
American Red Cross
dave.crock...@redcross.org
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc