On Fri, Dec 3, 2021 at 6:16 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote:
> I propose that a paragraph along these lines be inserted into the > introduction: > > The DMARC test is characterized by a one-tailed error distribution: > Messages which pass verification have a low probability of being false > positives of actual impersonation. When a recipient intends to exempt a > high-value sender from content filtering, identity verification ensures > that such special treatment can be done safely, without concern for > impersonation. However, the same cannot be said about verification > failures. Verification failures can occur for many reasons, and many such > messages will be safe and desired by the recipient. Messages which do not > verify are optimally handled with manual review, but this may not be > feasible due to message volume. DMARC provides a way for senders and > receivers to safely cooperate to minimize the probability that automated > disposition decisions will be suboptimal. > I have no objection to adding text such as this. It's worth noting, though, that DKIM certainly says this already (at least in its Section 6.1), SPF probably says something similar, and DMARC clearly depends on those. DMARC alludes to this in RFC 7489, Section 10.5, but it's not as explicit as what's proposed here. -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
