On Fri, Nov 25, 2022 at 5:53 AM Douglas Foster < [email protected]> wrote:
> DMARC requires an evaluator to trust the design, but we lack a cogent > statement of the theoretical basis for doing so. Here is my proposed > language: > > "The RFC5322.From address is not directly verifiable. DMARC addresses > this problem using proxy verification: The From address is considered > verified using the combination of a verified identifier and a meaningful > relationship between the verified identifier domain and the RFC5322.From > domain." > [...] > This seems like a reasonable thing to add somewhere in Section 1. I think Section 1 already makes this point, but you have to read a few paragraphs to get there. This could go in first, setting the stage for what follows. -MSK, participating
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
