On Thu, Dec 5, 2024 at 7:28 AM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote:
> [snip] > > RFC7489 has misled a lot of people about the impersonation problem, and > DMARCbis has not fixed that. > I'm not quite sure I understand the terminology you're using in the content that I've snipped, but the following bit and other posts you've made over the past months gives me pause: "50 PASS, 50 False Positives, 50 True Spam" Such phrasing leads me to conclude that your understanding of DMARC might be at odds with the following paragraph from the Introduction section of DMARCbis: A DMARC pass for a message indicates only that the use of the Author Domain has been validated for that message as authorized by the Domain Owner. Such authorization does not carry an explicit or implicit value assertion about that message or about the Domain Owner, and so a DMARC pass by itself does not guarantee that delivery to the recipient's Inbox would be safe or desirable. For a mail-receiving organization participating in DMARC, a message that passes DMARC validation is part of a message stream reliably associated with the Author Domain. Therefore, reputation assessment of that stream by the mail-receiving organization can assume the use of that Author Domain is authorized by the Domain Owner. In short, what's true for DMARCbis, and what has always been true for DMARC, are the following: - A DMARC pass does not necessarily mean that the message isn't spam - A DMARC fail does not necessarily mean that the message is spam In the same way that a person's government-issued ID can be used by a financial institution to reliably attach that ID's holder to a credit history and then decide whether or not to extend a loan to that ID's holder, a DMARC pass can be used by a receiving site to attach the passing domain to a sending history and then decide whether or not to extend the privilege of acceptance of that mail and deliver it to the Inbox. Put another way, those 50 PASS and 50 True Spam can be the same 50 messages, and I don't understand your phrasing to indicate that you understand that. -- Todd Herr Some Guy in VA LLC t...@someguyinva.com 703-220-4153 Book Time With Me: https://calendar.app.google/tGDuDzbThBdTp3Wx8
_______________________________________________ dmarc mailing list -- dmarc@ietf.org To unsubscribe send an email to dmarc-le...@ietf.org