In article <0f1c26b8-e101-8630-ba9b-8acaf59ac9b5@xxxxxxxx> you write: >It was certainly our intention that it was at least for enterprise since >that's the use case we were most interested in at Cisco. But Ned is >right that a lot of our motivation at Cisco was driven by spear >phishing. We didn't ultimately succeed because there were just too many >things emitting mail in closets from 386 servers everybody was afraid to >turn off. I hope it's a different situation now after 15 years. DMARC includes a reporting feature you can turn on without turning on any of the policy stuff. It's exactly so you can find those servers in closets. Cisco now publishes a p=quarantine DMARC policy which suggests they think their random server problem is under control. >The funny thing about this non-repudiation issue is that I don't recall >anybody bringing it up, and that's probably because it was a non-issue >then because submission authentication was pretty rare. DKIM couldn't >prove anything beyond that it was the domain that sent it which is >pretty ho-hum for say a gmail. Large webmail systems have always been pretty strict about what header addresses you can use. I don't think it was ever easy for one Gmail user to send mail pretending to be another. -- Regards, John Levine, johnl@xxxxxxxxx, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
