> On Apr 14, 2023, at 8:26 PM, Scott Kitterman <[email protected]> wrote: > > Perfect. The goal is working towards consensus is to find something we can > live with, so that's exactly what I was hoping for. I don't think it's ideal > either, but I can live with it. > > Scott K
Yes sir, that’s it. However, I’d like to see less of some narratives in the discussion especially around costs and benefits. It’s not you, Scott, but your post seems apropos. 1. Cousin domains. We all get that dmarc doesn’t touch those. Dmarc is to stop spoofing of exact domains. There are other technologies and methods whose responsibility it is to track down and take down fraudsters. 2. I would like to know if general purpose domain == org domain in most cases. Someone suggested the registration of a separate domain for general purposes. That sounds reasonable as long as the advice is clear that this isn’t advocating cousin domains. 3. Dmarc should be made to work is as well as possibility to prevent exact domain spoofing. I’ve seen spoofing of org domains of companies that you wouldn’t think of as a high priority impact. It can cause catastrophic consequences to the organization so spoofed. I don’t have to say more here as presumably everyone here knows. If you don’t I think it’s critical to understand that. If you can’t feel it emotionally then you’ve not explored the consequences of spoofing. So I humbly request a practice of steal manning and dispense with the straw men and especially the red herrings. Neil _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
