It appears that Murray S. Kucherawy said:
>The definition of "pct" doesn't talk about sources, it talks about
>individual messages, evaluated independently. It's meant to be applied in
>aggregate across all messages purporting to be from that domain,
>independently and irrespective of source.
On Sat, Sep 9, 2023 at 11:16 AM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:
> I understand the phased roll-out goal, but phased rollout and percentages
> are not applicable to the evaluator's task.
>
> I start with an assumption that message sources reflect the character of
>
A not-yet-mentioned characteristic of impersonating messages is that:
"Impersonation requires that a message originate from an
attacker-controlled server."
- Mailbox providers require user-level authentication.
- Hosting services require domain administrator authentication and use
I understand the phased roll-out goal, but phased rollout and percentages
are not applicable to the evaluator's task.
I start with an assumption that message sources reflect the character of
the individual or organization that controls the source. Malicious
traffic comes from malicious people.
I'm not looking to change the WG's mind on this matter, but:
On Sat, Sep 9, 2023 at 3:54 AM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:
> There are many percentages mixed up together in this issue:
>
> - The percentage of domain message sources which provide proper
>
I objected strongly to the RFC 7489 language which provides disposition
instructions based on the PCT clause, and still do.
A brief review:
There are many percentages mixed up together in this issue:
- The percentage of domain message sources which provide proper
authentication at