On Wed, Dec 9, 2020 at 10:09 AM Dave Crocker <dcroc...@gmail.com> wrote:
> It might be worth a bit of thinking about what, exactly, DMARC can
> reasonably do and how it should be summarized, for popular consumption:
>
> *Alignment -* DMARC defines a basis for authenticating use of the domain
> name in the rfc5322.From addr-spec. (But nothing else in that header field
> or elsewhere in the message, neither header nor body.)
>
> *Severity of unauthorized use -* DMARC provides a means of indicating to
> receivers how serious the domain owner considers unauthorized use of that
> domain name to be.
>
> *Reporting -* DMARC defines a mechanism for reporting DMARC-related
> activity by a receiver.
>
> I've tried to state each of these precisely and accurately, in terms of
> real-world pragmatics.
>

These seem like a good starting point, but I'd have to quibble with the
"*unauthorized use*" situation. This situation devolves into
use-as-imagined vs. use-as-really-used when one considers various
intermediary scenarios. Does a domain owner really have the prerogative to
define recipient behaviour as "unauthorized"?

--Kurt
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc