On 25 Jan 2023, at 3:57, Douglas Foster wrote:

> We know of two current responses to DMARC Damage: (1) Many senders
> avoid p=REJECT, so that damage-prone evaluators cannot learn anything
> useful from DMARC evaluation, and (2) sophisticated evaluators throw DMARC
> results into a proprietary mix with hundreds of other data points to
> develop a disposition decision that is only loosely related to domain owner
> policy. Both of these responses indicate that our protocol, as written,
> does not meet the needs of either senders or evaluators.

Or (3) evaluators ignore DMARC.

> A result of "DMARC Fail" raises the possibility that a message is from a
> malicious source. This is an important question, but it only needs to be
> answered once. If a source is malicious, all messages from the source
> need to be blocked. If a source is determined to not be malicious, the
> source needs to be fingerprinted so that future messages from that source
> are handled as acceptably identified. The question can be answered with
> either manual effort or sophisticated analysis and artificial intelligence,
> but once it is answered the evaluator can be protected from malicious
> messages while recipients are protected from damaged mail.

I’m probably missing some context here, but I’m not clear on what a source is in this context. A specific email address, a specific sending MTA, or a domain?

-Jim
