Thanks for bearing with me, Dave. On Tue, Jun 2, 2020 at 5:26 PM Dave Crocker <[email protected]> wrote:
> When this match fails, a message can be rejected before it's ever in front > of a user and capable of causing confusion or fraud. > > Exactly. What matters is that unalignment is presumed to demonstrate bad > faith by the originator. THAT is what significant. And it's significant > to the filtering engine, not the recipient user. > Yes, we're agreed 100% here. > Your argument seems to be that you don't believe that spoofing the From: > domain leads to user impact, or am I completely misunderstanding you? > > Where is the clear and credible research data that says that a bad From: > field domain name specifically tricks end users? > There's a lot of clear and generally consistent data that shows From: header field spoofing leads to outsized impact on end users. However, if by "credible" you mean peer reviewed and not presented by someone with something to sell in preventing the problem, that may be missing (although, it only tends to be systems with a part to play in preventing abuse that are even capable of seeing and distinguishing the issues) and could be an interesting independent study to run. Seth
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
