On Mon, Sep 11, 2023 at 6:36 AM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:

> We are still trying to fix an evaluator problem by changing domain
> owner behavior.  No harm in giving domain owners the warning, but changing
> evaluator behavior would be much better.   Presumably, the evaluator
> behavior that we have today is the result of RFC 7489 wording, so we may be
> able to change future evaluator behavior by strategizing the language of
> DMARCbis.
>

IETF is not the behavior police.


>
> Compare email authentication to a controlled-access building.   On any
> given day, some employees will arrive at work to discover that their badge
> is back at home.   How is it handled?   By sending the employee to the
> physical equivalent of quarantine:  the pass office.    Most employees can
> be validated by another method, such as driver's license or biometrics.
>  An employee who forgot his wallet and cannot be verified by biometrics
> will lose a day's work.   However, a person who is identified as using a
> fake ID will be led away by police.
>
> Email authentication is not much different.   We are judging message
> source acceptability, not individual messages.
>

Absolutely incorrect. DMARC is a deterministic pass|fail approach based on
validation through DKIM or SPF pass (or if both pass). It says nothing
about the acceptability/goodness/badness of a source.

> 100% email authentication is possible and should be the goal.   Quarantine
> is the preferred place to send unauthenticated mail, regardless of sender
> policy (or lack of policy).    In quarantine, acceptable messages are given
> alternate authentication and released, just as the secure-building employee
> is given a temporary badge or replacement badge.   If lack of authentication
> is discovered to be a fraudulent attacker, then all messages from the
> attacker should be blocked, not just the impersonation messages.
>
> When it seems impossible to quarantine and review every unauthenticated
> message, triage becomes necessary.  The messages with highest perceived
> risk are sent to quarantine and the lower-risk messages are released and
> reviewed as time permits after the fact.
>

This is the dumbest approach possible. Think about it. What you are saying
is "With all our expertise, technology and automation, we are going to hand
the messages we think are the riskiest to you, the end user, who has no
expertise to figure out whether this message is safe". What is wrong with
this picture?


> Either way, the workload steadily decreases as message sources become
> permanently authenticated or permanently blocked.
>

Maybe the workload decreases and maybe it doesn't. You are making a huge
assumption that an authenticated message source will permanently be
authenticated and a blocked message source will permanently be "bad". This
approach creates real problems. In any event, this isn't how DMARC works.
DMARC validates each message on its own. DMARC does not involve reputation.
Please stop trying to conflate things outside of DMARC with DMARC.

Michael Hammer
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
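As an added example (not from either message in this thread), a minimal evaluator in the RFC 7489 style that shows what "deterministic pass|fail" means in practice: the verdict for a message is a function only of its SPF/DKIM results, identifier alignment and the domain owner's published record, with no reputation input anywhere. The domain names, the two-entry public-suffix stand-in and the record values are assumed for illustration.

```python
from dataclasses import dataclass

PUBLIC_SUFFIXES = ("co.uk", "com.au")  # assumed short stand-in for the PSL

def org_domain(domain):
    """Approximate the organizational domain (RFC 7489 s3.2): the last two
    labels, or three when the last two form an assumed public suffix."""
    labels = domain.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in PUBLIC_SUFFIXES else 2
    return ".".join(labels[-n:])

def aligned(from_domain, auth_domain, mode):
    """Identifier alignment (RFC 7489 s3.1): 's' needs an exact match,
    'r' only needs the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

@dataclass
class DmarcRecord:
    p: str             # requested policy: none | quarantine | reject
    adkim: str = "r"   # DKIM alignment mode
    aspf: str = "r"    # SPF alignment mode

def evaluate(from_domain, spf, dkim_sigs, record):
    """Return (dmarc_result, disposition) for one message.
    spf: (result, MAIL FROM domain); dkim_sigs: list of (result, d= domain).
    The verdict depends only on these inputs and the published record."""
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], record.aspf)
    dkim_ok = any(r == "pass" and aligned(from_domain, d, record.adkim)
                  for r, d in dkim_sigs)
    if spf_ok or dkim_ok:
        return "pass", "none"          # one aligned pass is sufficient
    # On failure the disposition is whatever the domain owner published;
    # with p=none the evaluator is asked only to report, not to act.
    return "fail", record.p

if __name__ == "__main__":
    rec = DmarcRecord(p="quarantine")
    # Constructed sample: forwarding broke SPF, but the DKIM signature survived.
    print(evaluate("example.com", ("fail", "fwd.example.net"),
                   [("pass", "mail.example.com")], rec))   # ('pass', 'none')
    # Same kind of source with no aligned pass: only the published policy decides.
    print(evaluate("example.com", ("pass", "bulk.example.net"), [], rec))
```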
