On April 15, 2023 10:58:06 PM UTC, Neil Anuskiewicz <neil=40marmot-tech....@dmarc.ietf.org> wrote: > > >> On Apr 14, 2023, at 8:26 PM, Scott Kitterman <skl...@kitterman.com> wrote: >> >> Perfect. The goal is working towards consensus is to find something we can >> live with, so that's exactly what I was hoping for. I don't think it's >> ideal >> either, but I can live with it. >> >> Scott K > >Yes sir, that’s it. However, I’d like to see less of some narratives in the >discussion especially around costs and benefits. It’s not you, Scott, but your >post seems apropos. > >1. Cousin domains. We all get that dmarc doesn’t touch those. Dmarc is to stop >spoofing of exact domains. There are other technologies and methods whose >responsibility it is to track down and take down fraudsters. > >2. I would like to know if general purpose domain == org domain in most cases. >Someone suggested the registration of a separate domain for general purposes. >That sounds reasonable as long as the advice is clear that this isn’t >advocating cousin domains. > >3. Dmarc should be made to work is as well as possibility to prevent exact >domain spoofing. I’ve seen spoofing of org domains of companies that you >wouldn’t think of as a high priority impact. It can cause catastrophic >consequences to the organization so spoofed. I don’t have to say more here as >presumably everyone here knows. If you don’t I think it’s critical to >understand that. If you can’t feel it emotionally then you’ve not explored the >consequences of spoofing. > >So I humbly request a practice of steal manning and dispense with the straw >men and especially the red herrings. > What color herrings would you prefer?
I really have no idea what that last paragraph means. If we can stick to trying to get some consensus on the MUSTard in the main part of the document, I think we can (and should) address details in the appendix the proposed language suggests we point to. Dude, I have literally worked on email authentication for 20 years. Do you think I did that without understanding it's a problem? Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
