On Thu, Oct 10, 2024 at 7:03 PM Douglas Foster <[email protected]> wrote:

> DMARC best guess was disparaged by this group but it has been seen in the
> wild so I am not the only one who sees its value.
>

Where?

> Delegated authentication is a third tool which applies when the forwarder
> is trusted to have authenticated, which includes major ESPs, and can
> include a mailing list where authentication is imperfect but impersonation
> is unlikely.
>
> Private knowledge, acquired by looking at messages and talking to senders,
> is the most accurate. It is encoded in local policy as alternate
> authentication rules (which is different from whitelisting.)
>
> Header chain analysis of Received, ARC, and other auth records is the last
> frontier.
>
> When you provide authentication rules for wanted messages, possible
> impersonation gets smaller and smaller, where it can be reviewed, true
> malice confirmed and responsible entity blocked. All without blocking
> wanted messages.
>
> But RFC7489 misleads people to focus on Fail rather than Pass, which
> created the mailing list problem. It also puts the evaluator at risk,
> partly because it ignores 90% of all malicious impersonation, and partly
> because it does not trace malicious messages to the responsible party.
>
> So there was a huge opportunity to ask, "What do evaluators need?", which
> was missed.
>
> I am opposed to the current document because it misleads in the same way
> as RFC7489, calcifying all that was wrong with it.
>

As far as I can tell, everything you've raised here has already been asked and answered. Do you have any text you want to propose?

-MSK, ART AD
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
