On Thu, Dec 5, 2024 at 7:28 AM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:

> [snip]
>
> RFC7489 has misled a lot of people about the impersonation problem, and
> DMARCbis has not fixed that.
>

I'm not quite sure I understand the terminology you're using in the content
that I've snipped, but the following bit and other posts you've made over
the past months gives me pause:

 "50 PASS, 50 False Positives, 50 True Spam"

Such phrasing leads me to conclude that your understanding of DMARC might
be at odds with the following paragraph from the Introduction section of
DMARCbis:

A DMARC pass for a message indicates only that the use of the Author Domain
has been validated for that message as authorized by the Domain Owner. Such
authorization does not carry an explicit or implicit value assertion about
that message or about the Domain Owner, and so a DMARC pass by itself does
not guarantee that delivery to the recipient's Inbox would be safe or
desirable. For a mail-receiving organization participating in DMARC, a
message that passes DMARC validation is part of a message stream reliably
associated with the Author Domain. Therefore, reputation assessment of that
stream by the mail-receiving organization can assume the use of that Author
Domain is authorized by the Domain Owner.


In short, what's true for DMARCbis, and what has always been true for
DMARC, are the following:

   - A DMARC pass does not necessarily mean that the message isn't spam
   - A DMARC fail does not necessarily mean that the message is spam

In the same way that a person's government-issued ID can be used by a
financial institution to reliably attach that ID's holder to a credit
history and then decide whether or not to extend a loan to that ID's
holder, a DMARC pass can be used by a receiving site to attach the passing
domain to a sending history and then decide whether or not to extend the
privilege of acceptance of that mail and deliver it to the Inbox.

Put another way, those 50 PASS and 50 True Spam can be the same 50
messages, and I don't understand your phrasing to indicate that you
understand that.

-- 
Todd Herr
Some Guy in VA LLC
t...@someguyinva.com
703-220-4153
Book Time With Me: https://calendar.app.google/tGDuDzbThBdTp3Wx8
_______________________________________________
dmarc mailing list -- dmarc@ietf.org
To unsubscribe send an email to dmarc-le...@ietf.org

Reply via email to