> DMARC is all about authentication - it says that a message has, or has not, > been judged to be free of impersonation risk.
I absolutely disagree with your premise, and I think the others have been saying that as well. DMARC has *nothing* to do with performing authentication; it's about publishing policy on the sender side and choosing to comply with published policy on the receiving side. DMARC *uses* authentication that's provided by SPF and DKIM, but DMARC does not, itself, do authentication. Alignment is not authentication: alignment is checking whether the domain that was authenticated (via SPF or DKIM) is "aligned" with the domain claimed in the message, and that is used in the policy evaluation. It's not helpful to claim that any of this is a "gimmick", to say that people are "want to ignore" problems, nor to put forth straw-man arguments about obviously silly alignment algorithms. > The alternative,, which you want to ignore, is to "require" evaluators to do > something foolish, which is to ignore > the fact that the message is free of impersonation. No one is ignoring your proposed requirement; we're all responding to it. We just disagree with you. We think you're wrong. Barry, as a participant _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
