> On Apr 11, 2023, at 9:14 AM, Mark Alley
> <mark.alley=40tekmarc....@dmarc.ietf.org> wrote:
>
>
> I agree with where you're coming from, as these were my same concerns as
> well. That's why I also tried to say a couple of times that I feel if we make
> an effort to make clear the interoperability expectations, but also have
> accompanying language that those specific expectations do not make a
> statement about perceived security benefits of strict DMARC policies... - My
> hope is that should be sufficient enough of a compromise to address
> everyone's concerns.
>
Thanks. Even if it hasn’t always been the case, DMARC has evolved to be thought
of by most technical people as focused on security. I bet a poll would reveal
this to be the case. On the marketing side, authentication’s priority benefit
is deliverability, though I realize that dmarc can’t make up for sins such as
bad list hygiene.
the motivation of almost all tech people, including security folks, for
implementing DMARC is for security and to protect their brand reputation. I
know I don’t have much influence here so I’ll just say it one more time: people
are motivated by security and would not want to compromise that for mailing
lists.
I think we should focus on security. It’s what most people want from dmarc. Of
course it only protects exact domain phishing but there are other services that
address other threats.
this is our chance to really be in synch with why people want dmarc, which will
open up more opportunities to do interesting things than a standard with a sort
of ambiguous purpose. Ambiguity doesn’t lead down a good road.
Neil
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
