Ad hominem dismissal of things that you disagree with as "crazy talk" is not an effective form of technical argument.
Care to try again. Scott K On November 1, 2021 1:29:19 AM UTC, Douglas Foster <[email protected]> wrote: >To my mind, it is crazy talk to assert that DMARC is not an authentication >method. > >My bank's phone app gives me the option of authenticating with either a >username+password or a fingerprint. For remote access to work computers, >I use two authentication methods together. Using two component methods to >accomplish an authentication process does not cause it to be something >other than an authentication process. > >Specific to DMARC: >The sender's policy suggestion is probably the least important part of >DMARC v1. The evidence given to this forum says that most senders do not >have a DMARC policy. Of those that do, the policy is most often NONE, and >therefore useless. Of all the mail that is blocked by >automation because of p=(reject | quarantine), a significant portion is >blocked for reasons that the recipient user considers incorrect. So the >proportion of mail which is properly blocked because of a DMARC policy >looks rather tiny. > >Nonetheless, about 85% of my incoming messages have FROM addresses that I >classify as "reliably identified". This is mostly because of DMARC PASS, >but I also use some local policies serve as alternatives to DMARC PASS. I >don't need a DMARC policy to produce DMARC PASS or FAIL. > >A sender's policy expression is only meaningful because DMARC invented an >algorithm for authenticating the FROM address, something that had never >been done before. Without an algorithm to generate PASS or FAIL, there is >nothing about which a sender can make a disposition suggestion. > >Doug Foster > >On Sun, Oct 31, 2021 at 1:50 PM Dotzero <[email protected]> wrote: > >> >> >> On Sun, Oct 31, 2021 at 1:03 PM Scott Kitterman <[email protected]> >> wrote: >> >>> Perhaps it's a pointless semantic distinction. I think of DMARC as a >>> mechanism for expressing policy about authentication, not an authentication >>> method. >>> >>> I still don't understand what you think is unprotected. >>> >>> Scott K >>> >> >> +1 >> >> DMARC allows the owners or administrators of a domain to express a policy >> for email messages which fail to pass aligned DKIM or SPF and request >> validators/receivers to act on that policy. In and of itself DMARC is not >> an authentication method. >> >> Michael Hammer >> _______________________________________________ >> dmarc mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dmarc >> _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
