My comments about From validation were based on the wording of the RFCs, so I stand by what I said.
But are your really arguing that no one in the Mailing List business paid attention to the concerns about the fraud and spoofing problems with email? This morning I had a conversation with the CEO of a company that was hit by ransomware which arrived with the help of a single email. He is slowly getting his company back after paying a lot of money to people who want to destroy us. That is the problem we should be worried about. And that is why I am letting my emotions show. This WG is playing the fiddle while Rome burns. Doug ---------------------------------------- From: "John Levine" <[email protected]> Sent: 8/15/20 6:53 PM To: [email protected] Cc: [email protected] Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field In article <[email protected]> you write: >Based on the discussions here, it appears that the notion of From address >validation was envisioned from the >beginning Sender Authentication discussions. We have written evidence that >Form address validation was >anticipated in the DKIM and ATPS RFCs prior to DMARC. Not really. DKIM was deliberately designed not to be tied to any visible part of the message. ADSP was a poorly designed hack that was never implemented other than small experiments, and that I don't think many people understood. I got a lot of grief for making the most strict policy "discardable" even though that's obviously what it was. R's, John -- Regards, John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
