Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

2021-01-04 Thread Alessandro Vesely
On Sun 03/Jan/2021 20:56:59 +0100 Douglas Foster wrote: You can disagree about whether this wording is appropriate, but there should be no disagreement about the scope problem. We do not have a protocol which can handle all situations, and much of our discussion is caused by those who apply DMA

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

2021-01-04 Thread Alessandro Vesely
On Sun 03/Jan/2021 17:09:22 +0100 John R Levine wrote: On Sun, 3 Jan 2021, Alessandro Vesely wrote: I don't think so.  There is a very practical outcome.  We should expand Section 9.5, "Interoperability Issues" and say something actually workable. With some trepidation I ask, like what? I'd

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

2021-01-04 Thread Laura Atkins
> On 4 Jan 2021, at 11:50, Alessandro Vesely wrote: > > > >> Let's define "legitimate mail" as used in my proposed text to mean "delivery >> is desired by the intended recipient and the message contains nothing that >> threatens the interest of the user, the interest of the user's network, or

Re: [dmarc-ietf] Clarification about data integrity within Aggregate Reports (Ticket #40)

2021-01-04 Thread Brotman, Alex
-- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast > -Original Message- > From: dmarc On Behalf Of Alessandro Vesely > Sent: Thursday, December 31, 2020 10:27 AM > To: dmarc@ietf.org > Subject: Re: [dmarc-ietf] Clarification about data integrity within Aggregate > Repo

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

2021-01-04 Thread John Levine
In article <123e18e2-71ab-4946-b886-a12a735aa...@wordtothewise.com> you write: >There is absolutely nothing stopping a phisher from taking advantage of this. >In fact, phishers currently do send DMARC verified email where the >domain in the 5322.from is unrelated to the links in the message or to

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

2021-01-04 Thread Dave Crocker
Similarly, DMARC alignment tells you nothing unless you also have a reputation for the domain. Authentication creates a noise-free basis for developing an identifier's reputation. Any activity involving an authenticated identifier is, in fact, the responsibility of the agency responsibl

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

2021-01-04 Thread Michael Thomas
On 1/4/21 9:46 AM, John Levine wrote: Similarly, DMARC alignment tells you nothing unless you also have a reputation for the domain. I have trouble imagining why anyone would think it's a good idea to get alignment by using third party domains that recipients don't know. You don't need to kno

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

2021-01-04 Thread Alessandro Vesely
On Mon 04/Jan/2021 13:22:20 +0100 Laura Atkins wrote: On 4 Jan 2021, at 11:50, Alessandro Vesely wrote: Let's define "legitimate mail" as used in my proposed text to mean "delivery is desired by the intended recipient and the message contains nothing that threatens the interest of the user, the

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

2021-01-04 Thread Douglas Foster
I have not seen an identity problem with ESPs, because messages are received directly. They consistently use their own domain for MailFrom to ensure SPF pass, and the client domain for From. Domains that use DMARC enforcement have signatures. Additionally, the From domain correctly presents th