> On 16 Nov 2024, at 10:39, Alessandro Vesely <[email protected]> wrote: > > On 15/11/2024 20:13, Dave Crocker wrote: >> On 11/15/2024 10:55 AM, Alessandro Vesely wrote: >>> On 13/11/2024 21:14, Dave Crocker wrote: >>>> While 'indirect' has well-established context in many email technical >>>> circles, I believe it does not have clear, consistent, and precise >>>> meaning. So it needs to be defined here, with more than an example. >>>> >>>> I see this is an extremely important point, since the movement that has >>>> taken place with email is to consider tight integration of domain name and >>>> sending platform, in substantial contrast with the way email worked for >>>> perhaps 40 years. That is, 'indirect' is tending to be treated as almost >>>> aberrant, or at least as problematic. >>> >>> I prefer the latter term, "problematic", rather than "aberrant" or, >>> according to the upcoming SMTP standard, "misguided". >> You might prefer more comfortable language but I was characterizing the very >> problematic tone that I perceive permeating work in this space, in recent >> years, and am trying to highlight how that tone establishes a >> counter-productive approach to dealing with these issues. > > > DMARC is the only current approach toward a deterministically "clean" email > environment, AFAIK. I wonder if those who dispraise it have an alternative > in mind or would just prefer a free for all.
It is a free for all. Most invoices I get through commercial services do not use the domain of the company sending me an invoice. Instead they use @paypal.com or they use @quickbooks.com. DMARC does nothing to tell me that the company sending the mail is actually the company sending me the invoice. As a business person I really hate it. My accountant recently moved all of my accounting to a managed Quickbooks account. Uploaded my logo, my business information, created invoices for my business. Quickbooks *NEVER* contacted me to see if this was legit. Never. Now, it was, so it was fine. But it does suggest that anyone can create a Quickbooks account to impersonate my company. Because Quickbooks sends from their own domain, it’s all DMARC passing mail. >> Another example of this aberrant view is the insistence on misusing the word >> 'spoofing'. > > As the antonym of "legit"? Right. So an invoice from my company coming from @paypal.com or @quickbooks.com is also spoofed, right? laura -- The Delivery Expert Laura Atkins Word to the Wise [email protected] Delivery hints and commentary: http://wordtothewise.com/blog
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
