On Wed, Nov 16, 2022 at 2:24 PM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:

> So no one in this group understands the concept of a side channel
> information disclosure?
>


This is awfully close to an ad hominem attack against the entire group.
Please reconsider your approach immediately.

Seth, as Chair


>
> On Wed, Nov 16, 2022, 7:56 AM Laura Atkins <la...@wordtothewise.com>
> wrote:
>
>> There is no ‘unwanted information disclosure’ as they are disclosing
>> their own information. If they didn’t want to disclose that information,
>> they wouldn’t say anything.
>>
>> laura
>>
>>
>>
>> On 16 Nov 2022, at 12:53, Douglas Foster <
>> dougfoster.emailstanda...@gmail.com> wrote:
>>
>> I am suggesting less reporting, not trying to obligate more.
>>
>> Let's try to understand the issue this way: Would the following
>> Facebook post be wise or foolish?
>>
>> "My house has 4 doors, and when I leave home, 3 of them are securely
>> locked."
>>
>> Is there any unwanted information disclosure?
>>
>> Doug
>>
>> On Wed, Nov 16, 2022, 6:23 AM Laura Atkins <la...@wordtothewise.com>
>> wrote:
>>
>>>
>>>
>>> On 16 Nov 2022, at 10:54, John R. Levine <jo...@iecc.com> wrote:
>>>
>>> On Tue, 15 Nov 2022, Douglas Foster wrote:
>>>
>>> If a server farm hosts DomainA and DomainB, and I only get DMARC aggregate
>>> reports when I send to DomainA, then I can conclude that DomainB is not
>>> evaluating DMARC and is therefore more vulnerable to impersonation attacks
>>> than DomainA.
>>>
>>>
>>> You can conclude whatever you want, but all you know is that they don't
>>> send reports.  You don't know whether they are looking at DMARC and for
>>> some "security" reason don't send them.
>>>
>>>
>>> Seconding this. There was a major mailbox provider who hosted both free
>>> consumer domains and a lot of corporate domains that didn’t send DMARC
>>> reports. They were, in fact, evaluating DMARC, but they did not send
>>> reports back. (I believe they are now, but it took a while).
>>>
>>> In any event, the point of IETF standards is to tell people how to
>>> interoperate.  It is not our job to try to save people from themselves. If
>>> someone doesn't want to use DMARC, that's up to them, not to us or to you.
>>>
>>>
>>> I don’t think it’s a good idea to obligate organizations to send reports
>>> if they choose to evaluate DMARC.
>>>
>>> laura
>>>
>>> --
>>> The Delivery Experts
>>>
>>> Laura Atkins
>>> Word to the Wise
>>> la...@wordtothewise.com
>>>
>>> Email Delivery Blog: http://wordtothewise.com/blog
>>>
>>> _______________________________________________
>>> dmarc mailing list
>>> dmarc@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dmarc
>>>


-- 

*Seth Blank* | Chief Technology Officer
*e:* s...@valimail.com
*p:* 415.273.8818

This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified that any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.