On 2/1/2021 6:13 PM, Michael Thomas wrote:
Because we all know how well unauthenticated data worked out for email. I fail to see why anybody would be in favor of digesting unauthenticated data when the method of authenticating it is trivial and well known. It's an extraordinary claim that needs to be backed up. But you don't need to convince me; you need to convince the security AD's and cross area reviewers.
DMARC has been deployed for 6 or 7 years. Where is this onerous abuse on reporting that you feel is inevitable?
I suspect you've assumed the incentives for sending problematic reports are the same as the incentives for abuse of generic mail, while they are likely quite different.
And no, it isn't trivial at all. Setting this stuff up properly takes skill and effort, which means it's expensive. And often is fragile. Hence the need to attend thoughtfully to pragmatics.
d/ -- Dave Crocker [email protected] 408.329.0791 Volunteer, Silicon Valley Chapter American Red Cross [email protected] _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
