
In message <CAH48Zfz+eQm+9La2tTQo32OUm=+o-x3d2jfzdybqxocovbj...@mail.gmail.com>, Douglas Foster <dougfoster.emailstanda...@gmail.com> writes

>Example.com sends 10,000 messages per day, of which 100 (1%) produce DMARC
>Fail, so they publish a policy with p=none.

and presumably they get on with fixing the flows which fail (tracking
down the rogue marketing staff etc)

>Attackers send 1,000,000 messages that impersonate Example.com.   On a
>global basis, messages claiming to be from Example.com are 99% Fail, and
>the Fail are 99.99% true spam and 0.01% false positives.

only if example.com is still in the process of fixing things

>In response, Example.Com changes its policy to p=reject.  The spammers
>mostly switch to impersonating Example.Edu, leaving only 100 attacks per day
>on Example.Com.   The Fail rate is now down to 2%, of which 50% are true
>spam and 50% are false positives.
>But nobody but God sees the global threat situation.   An evaluator who
>sees 50 messages per day may see 50 PASS, 50 False Positives, 50 True Spam,
>or any mix of the three.   Additionally the mix may change over time.

indeed so, but example.com has said "I think that on balance you would
do well to reject messages that appear to be from me but fail DMARC. You
could be a bit clever about this if you really want to be, but I am
trying really hard to send only validatable email so why don't you
follow my carefully considered advice"

>Some evaluators will see 50 true spam with p=none, conclude that DMARC is
>useless, and unconditionally block Example.com.

that's odd ... you said above that example.com changed their policy to
p=reject. The evaluator should fix their DNS cache.

>   When the mix changes,
>legitimate messages will be blocked.

it is always the case that people who unconditionally block domains
where there is legitimate traffic will be sad. No protocol that I can
conceive of will ever fix this for them....

I've skipped the rest because of the DNS cache problem.

-- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755



dmarc mailing list -- dmarc@ietf.org