On Tue, Jan 5, 2021 at 10:18 AM Paypal security confirm your password now < [email protected]> wrote:
> >> reputation for the domain. I have trouble imagining why anyone would > >> think it's a good idea to get alignment by using third party domains > >> that recipients don't know. > > > > Because recipients often can’t see (or don’t pay attention to) the > domain > > name and the reputation system you postulate doesn’t exist. OTOH, > getting > > alignment avoids a restrictive policy that might be associated with the > > original domain. > > I think you're saying that I can always evade DMARC problems by putting an > address I control on the From line and nobody will notice. That would > mean that DMARC is useless. > > If that's not what you're saying, could you clarify? > That is indeed the assertion - as long as you consider 97+% to be "always" and interpret "nobody" in terms of real human actors (excluding the automatons on this list) and discount the influence of receiver-level reputation/filtering mechanisms. Personally, I think those levels of rounding errors should not be ignored either for good or evil. The formation of this working group and our initial deliverables provides some level of concurrence with my personal perspective. --Kurt
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
