So no one in this group understands the concept of a side channel information disclosure?
On Wed, Nov 16, 2022, 7:56 AM Laura Atkins <[email protected]> wrote: > There is no ‘unwanted information disclosure’ as they are disclosing their > own information. If they didn’t want to disclose that information, they > wouldn’t say anything. > > laura > > > > On 16 Nov 2022, at 12:53, Douglas Foster < > [email protected]> wrote: > > I am suggesting less reporting, not trying to obligate more. > > Let's try to understand the issue this way: Would the following Facebook > post be wise or foolish? > > "My house has 4 doors, and when I leave home, 3 of them are securely > locked.' > > Is there any unwanted information disclosure? > > Doug > > On Wed, Nov 16, 2022, 6:23 AM Laura Atkins <[email protected]> > wrote: > >> >> >> On 16 Nov 2022, at 10:54, John R. Levine <[email protected]> wrote: >> >> On Tue, 15 Nov 2022, Douglas Foster wrote: >> >> If a server farm hosts DomainA and DomainB, and I only get DMARC aggregate >> reports when I send to DomainA, then I can conclude that DomainB is not >> evaluating DMARC and is therefore more vulnerable to impersonation attacks >> than DomainA. >> >> >> You can conclude whatever you want, but all you know is that they don't >> send reports. You don't know whether they are looking at DMARC and for >> some "security" reason don't send them. >> >> >> Seconding this. There was a major mailbox provider who host both free >> consumer domains and a lot of corporate domains that didn’t send DMARC >> reports. They were, in fact, evaluating DMARC, but they did not send >> reports back. (I believe they are now, but it took a while). >> >> In any event, the point of IETF standards is to tell people how to >> interoperate. It is not our job to try to save people from themselves. If >> someone doesn't want to use DMARC, that's up to them, not to us or to you. >> >> >> I don’t think it’s a good idea to obligate organizations to send reports >> if they choose to evaluate DMARC. >> >> laura >> >> -- >> The Delivery Experts >> >> Laura Atkins >> Word to the Wise >> [email protected] >> >> Email Delivery Blog: http://wordtothewise.com/blog >> >> >> >> >> >> >> _______________________________________________ >> dmarc mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dmarc >> > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc > > > -- > The Delivery Experts > > Laura Atkins > Word to the Wise > [email protected] > > Email Delivery Blog: http://wordtothewise.com/blog > > > > > > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
