There is no ‘unwanted information disclosure’ as they are disclosing their own information. If they didn’t want to disclose that information, they wouldn’t say anything.
laura > On 16 Nov 2022, at 12:53, Douglas Foster > <[email protected]> wrote: > > I am suggesting less reporting, not trying to obligate more. > > Let's try to understand the issue this way: Would the following Facebook > post be wise or foolish? > > "My house has 4 doors, and when I leave home, 3 of them are securely locked.' > > Is there any unwanted information disclosure? > > Doug > > On Wed, Nov 16, 2022, 6:23 AM Laura Atkins <[email protected] > <mailto:[email protected]>> wrote: > > >> On 16 Nov 2022, at 10:54, John R. Levine <[email protected] >> <mailto:[email protected]>> wrote: >> >> On Tue, 15 Nov 2022, Douglas Foster wrote: >>> If a server farm hosts DomainA and DomainB, and I only get DMARC aggregate >>> reports when I send to DomainA, then I can conclude that DomainB is not >>> evaluating DMARC and is therefore more vulnerable to impersonation attacks >>> than DomainA. >> >> You can conclude whatever you want, but all you know is that they don't send >> reports. You don't know whether they are looking at DMARC and for some >> "security" reason don't send them. > > Seconding this. There was a major mailbox provider who host both free > consumer domains and a lot of corporate domains that didn’t send DMARC > reports. They were, in fact, evaluating DMARC, but they did not send reports > back. (I believe they are now, but it took a while). > >> In any event, the point of IETF standards is to tell people how to >> interoperate. It is not our job to try to save people from themselves. If >> someone doesn't want to use DMARC, that's up to them, not to us or to you. > > I don’t think it’s a good idea to obligate organizations to send reports if > they choose to evaluate DMARC. > > laura > > -- > The Delivery Experts > > Laura Atkins > Word to the Wise > [email protected] <mailto:[email protected]> > > Email Delivery Blog: http://wordtothewise.com/blog > <http://wordtothewise.com/blog> > > > > > > > _______________________________________________ > dmarc mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/dmarc > <https://www.ietf.org/mailman/listinfo/dmarc> > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc -- The Delivery Experts Laura Atkins Word to the Wise [email protected] Email Delivery Blog: http://wordtothewise.com/blog
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
