I agree with you (as it's not a DMARC problem itself, like I said); just
thought I'd mention it for consideration.
- Mark Alley
On 12/8/2024 12:16 PM, John Levine wrote:
It appears that Mark Alley<mark.al...@tekmarc.com> said:
If an actor with mal-intent wanted to grief an organization identified
using one of these services that bill their services this way, they
could spoof unfathomable amounts of emails to receivers known to
generate Aggregate and/or Failure reports, and blow said customer's
paid-for DMARC reporting analytics licensing out of the water, and could
increase their costs for using the tool extremely high.
Please see the message I just sent. But in the meantime ...
DMARC analysis services have existed for a decade. If this were a real
problem, it would already have happened and they'd have figured out
how to deal with it.
Furthermore, even if it were a real problem, bad guys can sign their
mail as easily as anyone else, so there's nothing we could put in the
spec would help.
Can we please stop inventing problems and finish up this document?
It's way, way, past its sell date.
R's,
John
_______________________________________________
dmarc mailing list -- dmarc@ietf.org
To unsubscribe send an email to dmarc-le...@ietf.org