> One thing mail receivers could possibly implement in the future is to
> give the *addressed recipient* the option to send the forensic report
> to the spoofed sender ...

Sorry, but this is a dreadful idea. I have always understood that one of the main goals of dmarc is to avoid showing phishes to recipients at all. If you show them the phishes and ask "well, what do you think?" that defeats that goal.

Also, from everything I've ever seen, users can't reliably tell phishes from real mail. That's why they work.

I think it's worth a sentence or two in the dmarc spec noting that asking for forensic reports in domains with individual users may get you copies of mail that may present privacy issues. But don't try to solve it in the spec.
