On Sun, Aug 16, 2020 at 11:31 AM Dave Crocker <[email protected]> wrote:
> > > 2. There was nothing 'established' at that event. There were > interesting discussions, but that's all. > In fact, some of the most interesting discussions took place outside the formal event. > > 3. I'm not finding the reference in any of Doug's notes that your are > relying on. Please be specific about it. > > > > Doug recalled. Your gmail address needs to be authenticated by gmail. > > Good grief, no. There is no system rule to that effect. DMARC created > that, but no policy before it was in place, nevermind accepted. > We need to be very careful in asserting what DMARC does or does not do. DMARC does not prevent spoofing within an email domain. So continuing the gmail example, DMARC would not prevent [email protected] from pretending to be [email protected] within the gmail system. There are other mechanisms for preventing this, but DMARC is not that solution. > > > > Sending From: bbiw.net, SPF-authenticated as dcrocker.net, and > > whitelisted as yet another domain (songbird.com) can hardly be > > verified. There is no "pretending", since it's you, but it is not > > formally distinguishable from spoof, is it? > > Whether valid and invalid uses can be distinguished does not alter the > fact that valid uses are valid. > What are valid uses constitutes a key part of the discussion. At one end of the discussion is "We have always done it this way so go away". At the other end of the discussion is "Tough noogies, thing change". An interesting question is who gets to determine what is a valid use? Another aspect is whether such determinations are technical, political, legal, social or ? Part of the difficulty we are having with our discussions here is that people are conflating the various aspects of the problem space. Michael Hammer
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
