Thanks for taking the time to reply and explain, Todd! I appreciate it.

>> > Moreover it removes the need for any kind of reporting, as a Domain Owner 
>> > will know from the rejections which messages that it authorized failed to 
>> > authenticate and presumably why, and the Domain Owner will never see the 
>> > rejections of unauthorized messages that did not originate at the behest 
>> > of the Domain Owner, with the latter class of rejections being ones that 
>> > the Domain Owner wouldn't find actionable, anyway.
>>
>> I think the assumption here that I don't agree with is that reporting
>> about the forged mail has to be specifically "actionable" to be
>> useful.
>
>
> You lose me here, because I don't see the point of reporting unless it's 
> somehow actionable. To my mind, a report that X is using my domain does me no 
> good unless there's enough in the report for me to attempt to take action to 
> stop X from using my domain.

Starting with me personally, and making an assumption that others
might feel the same way:
I want to see info on failed attempts to spoof me so I can say "see,
these bad things being attempted by these bad guys are something that
I am successfully protecting against."
I think that's a value prop of the protection, whether it comes from
DKIM2 or DMARC.

It's much like an inbound mail admin looking at the server logs to
identify how many messages were rejected due to a given DNSBL listing.

It demonstrates the prevention's success. Or it could imply that
rejection is happening for legit, but non-authed mail, due to a
misconfiguration or use of shadow IT.

Cheers,
Al

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
