On 5 Jan 2021, at 10:17, Paypal security confirm your password now
wrote:
reputation for the domain. I have trouble imagining why anyone would
think it's a good idea to get alignment by using third party domains
that recipients don't know.
Because recipients often can’t see (or don’t pay attention to)
the domain name and the reputation system you postulate doesn’t
exist. OTOH, getting alignment avoids a restrictive policy that might
be associated with the original domain.
I think you're saying that I can always evade DMARC problems by
putting an address I control on the From line and nobody will notice.
That would mean that DMARC is useless.
If that's not what you're saying, could you clarify?
I used the word “often” and indeed some people will notice as I did.
But I recall we beat this issue to death a few months ago, although
I’m not sure what WG consensus on that was, if any.
It looks like we’ve strayed pretty far from the subject line (failure
reports) though.
-Jim
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
