IETF Logo Mail Archive

Re: [dmarc-ietf] non-mailing list use case for differing header domains

Dave Crocker <dhc@dcrocker.net> Sat, 08 August 2020 02:37 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DDDA3A0B46 for <dmarc@ietfa.amsl.com>; Fri, 7 Aug 2020 19:37:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.849
X-Spam-Level:
X-Spam-Status: No, score=-2.849 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.949, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rcnrcrmkbq4b for <dmarc@ietfa.amsl.com>; Fri, 7 Aug 2020 19:37:14 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CB443A0B44 for <dmarc@ietf.org>; Fri, 7 Aug 2020 19:37:14 -0700 (PDT)
Received: from [192.168.43.69] ([172.58.30.214]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1.1) with ESMTP id 0782dsws004427 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 7 Aug 2020 19:39:55 -0700
To: John Levine <johnl@taugh.com>
Cc: dmarc@ietf.org
References: <20200808023259.1D07F1E60C2D@ary.qy>
Reply-To: dcrocker@bbiw.net
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <f82ecb18-0de8-0e36-6b76-7b937399d964@dcrocker.net>
Date: Fri, 07 Aug 2020 19:37:06 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <20200808023259.1D07F1E60C2D@ary.qy>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/b04jIv2iQ1esSbKh8aSayRpN_-8>
Subject: Re: [dmarc-ietf] non-mailing list use case for differing header domains
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Aug 2020 02:37:17 -0000

On 8/7/2020 7:32 PM, John Levine wrote:
> I would be interested to better undertstand the meaning of "need"
> here. It is my impression that most people vastly overestimate how
> much of a phish target they are. Paypal and big banks certainly are,
> other places, a lot less so.


I suspect the calculus is less in the pragmatic terms of asking how big 
this threat is and more in terms of wishing for some version of 
protection and thinking this helps to achieve it.

The degree to which so many folk embrace does not appear to have that 
much empirical basis, but rather a sense of feeling a need to do 
something and at first blush this seems to be something.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email