On Tue, Feb 28, 2023 at 3:53 AM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote:
> Murray, I think we need to acknowledge that we are already in a long
> tail. A small percentage of domain owners publish DMARC policies, a
> still smaller percentage publish "reject", and evaluators have a hard time
> deciding whether to use DMARC because the results are unreliable. The PSD
> discussion merely highlights the fact that DMARC results can be unreliable
> in both directions - PASS and FAIL.

I'm pretty confused now.

A false DMARC "pass" means some combination of a false positive from DKIM, a false positive from SPF, and false alignment, somehow resulting in a "pass" when some other result was expected. That strikes me as extraordinarily unlikely. Are we saying such a threat exists, and the proposed tree walk exacerbates this to the point where it's a concern?

A false DMARC "fail" can be caused by any of the three of those severally. This strikes me as more likely, but that's a known problem with DMARC and is a large part of the solution space this WG is exploring even if we leave the PSL in place. Are we saying that the tree walk makes solving this even harder?

In either case, I'd love to see an example, even a contrived one, showing the potential impact you're describing. The discussion is a little too abstract for me to be able to picture.

-MSK, participating
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc