raman, > One thing mail receivers could possibly implement in the future is to > give the *addressed recipient* the option to send the forensic report > to the spoofed sender for verification of the spoof and/or criminal > action against the phisher. The receiver may also expose the ability > for the recipient to redact the parts of the email they wish to before > sending the report. This would sidestep the issue of the addressed > recipient's privacy rights.
this is a very creative suggestion, but there are (at least) three reasons we wouldn't make a recommendation around this. 1. we (dmarc.org) have fastidiously abstained from making suggestions to MUA authors. 2. there aren't a large enough number of users (a/k/a addressed recipient) at large mailbox providers who would invest this much effort into reporting mailbox abuse to make the data useful. it's hard to get them to reliably to do other things like report spam. 3. opt-in rates to reporting of all kinds tend to be low. whether we're talking about crash reporting, sending anti-virus scan/sample data, or allowing spam complaints to actually be reported. so things that further narrow the participant set tend not to get implemented at large MBPs. don't let that deter you from arguing for it, i'd rather see the suggestions made than not maybe someday the attitudes will change. > > Are there other implementations in the works leveraging DMARC forensic > reports that anyone is willing to share publicly? I'm not asking in > the context of my original post -- this is just professional curiosity > now. what do you mean by "leverage"? consume and do something useful, or generate in the first place? -p
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
