> On May 7, 2024, at 7:19 PM, John Levine <jo...@taugh.com> wrote:
> 
> It appears that Scott Kitterman  <skl...@kitterman.com> said:
>>> Addressing this issue - perusing Section 5.5.6, is there anything else
>>> we could add that would be acceptable language in a Standards track
>>> document to encourage urgency behind a transitory state of p=none use by
>>> domain owners? Would that even make sense to do? (Legitimate question
>>> for the WG)
>> 
>> I don't think the claim that p=none is "transitory" is at all generally
>> correct.  It will be in some cases and not others.
> 
> I have to agree.  I still have no plans to use anything other than p=none
> on most of my domains.
> 
> Also, it's not like p=reject is a magic bullet. It makes some kinds of
> mail forgery harder, but it does nothing about lookalike domains or
> attacks that use the fact that most mail programs don't even show the
> author's address.
> 
> Please, let's not get distracted and let's finish up.

DMARC is the best tool for the job. There are other tools to fight lookalike
spoofing. I haven’t heard a serious claim that DMARC is the miracle cure. You
might say it kind of fits the Unix philosophy of a tool that does one thing
well. I think there’s been hype. But the good news is it’s easy to explain to
someone the limits of DMARC, as once you get it, it makes intuitive sense. The
issue isn’t with DMARC’s excessive claims. It’s some of DMARC’s advocates. I
think of DMARC as a key puzzle piece. I feel we have a tendency to think less
of DMARC, even undervalue it, because of the behavior of a few overzealous
advocates.
_______________________________________________
dmarc mailing list -- dmarc@ietf.org
To unsubscribe send an email to dmarc-le...@ietf.org
