On 7/14/2020 8:39 AM, John Levine wrote:
In article <[email protected]>,
Dave Crocker <[email protected]> wrote:
On 7/14/2020 2:52 AM, Alessandro Vesely wrote:
And phishers can also send mail From: fm.bank and Sender:
regleissei.icu. To publish a DMARC policy would avail Farmers &
Merchants nothing, then.
If regleissei.icu publishes a DMARC record and indicates support for use
of Sender:, per the proposal, please explain exactly what bad things
will happen, in the case you offer.
It makes the assessment process quadratically more complicated. Now
the question is both whether this from regleissei.icu, but what do we
know about its relationship with fm.bank.
Admittedly, since a lot of MUAs display neither From nor Sender
address, it's not clear how much this matters.
What is, or is not, displayed is irrelevant, since that has nothing to
do with meaningful protection.
Analysis by the filtering subsystem is quite another and more important
matter.
So I'll rephrase my question:
Please compare and contrast how analysis is done now versus how it
would be done with this proposal, and what dangers are created or made
worse as a result of this proposal.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
