> On Apr 15, 2023, at 4:21 PM, Scott Kitterman <skl...@kitterman.com> wrote:
>
>> On April 15, 2023 10:58:06 PM UTC, Neil Anuskiewicz
>> <neil=40marmot-tech....@dmarc.ietf.org> wrote:
>>
>>>> On Apr 14, 2023, at 8:26 PM, Scott Kitterman <skl...@kitterman.com> wrote:
>>>
>>> Perfect. The goal in working towards consensus is to find something we can
>>> live with, so that's exactly what I was hoping for. I don't think it's ideal
>>> either, but I can live with it.
>>>
>>> Scott K
>>
>> Yes sir, that’s it. However, I’d like to see less of some narratives in the
>> discussion, especially around costs and benefits. It’s not you, Scott, but
>> your post seems apropos.
>>
>> 1. Cousin domains. We all get that DMARC doesn’t touch those. DMARC is to
>> stop spoofing of exact domains. There are other technologies and methods
>> whose responsibility it is to track down and take down fraudsters.
>>
>> 2. I would like to know if general purpose domain == org domain in most
>> cases. Someone suggested the registration of a separate domain for general
>> purposes. That sounds reasonable as long as the advice is clear that this
>> isn’t advocating cousin domains.
>>
>> 3. DMARC should be made to work as well as possible to prevent exact
>> domain spoofing. I’ve seen spoofing of org domains of companies that you
>> wouldn’t think of as a high priority impact. It can cause catastrophic
>> consequences to the organization so spoofed. I don’t have to say more here
>> as presumably everyone here knows. If you don’t, I think it’s critical to
>> understand that. If you can’t feel it emotionally then you’ve not explored
>> the consequences of spoofing.
>>
>> So I humbly request a practice of steel manning and dispense with the straw
>> men and especially the red herrings.
>>
> What color herrings would you prefer?
>
> I really have no idea what that last paragraph means.
>
> If we can stick to trying to get some consensus on the MUSTard in the main
> part of the document, I think we can (and should) address details in the
> appendix the proposed language suggests we point to.
>
> Dude, I have literally worked on email authentication for 20 years. Do you
> think I did that without understanding it's a problem?

Scott, I said it wasn’t your posts that had those problems. See above. I responded to you with this as I see you as the person who is going to actually write the compromise text in the actual document. I meant no disrespect, Scott. I know who you are from SPF fame on. I was just seeing arguments that not much benefit has been seen from enforcing policies, not to mention cousin domains and so on. I get the feeling that position is from someone who’s never witnessed the consequences of malicious spoofing. So I apologize, Scott, I neglected to explain my concerns.

Neil