Dave, > That does get at attempts via the protected path, namely rfc5322.from > field domain. > > However it doesn't permit measuring other aveneues of attack spoofing > the dmarc-using organization.
Hm... I guess there could be privacy problems with allowing a DMARC author domain to request reporting on "look-alike" domains. Along with the technical difficulty of creating a "look alike" metric. I think that path leads back to Josh's suggestion that major senders claim the look-alikes (after somehow discovering what they are) and John's concern about there being an effectively inexhaustible number of them. At some point that all (once again) boils down to relying on user behavior - the user's ability to distinguish one email address from another. -- Shal _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
