I suspect my experience is typical of many businesses: The most common target of impersonation is my own domain, by both good and evil actors.
The good guys feel free to impersonate me because they know that they are the good guys. They assume that I will know that they are the good guys and will find a way to allow their traffic. The bad guys know that if they can successfully penetrate my defenses using my own domain, they will be trusted as insiders, and their attack will be more convincing. I am left with the challenge of distinguishing between the two. Neither RFC7489 nor DMARCbis speak to this problem. Should it be in scope or out of scope? Doug Foster
_______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
