IETF Logo Mail Archive

Re: [dmarc-ietf] making mail not work for your users, was the endless mailing list silliness

Michael Adkins <madkins@fb.com> Wed, 17 April 2013 23:21 UTC

Return-Path: <prvs=78192610fc=madkins@fb.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BBBD21E809F for <dmarc@ietfa.amsl.com>; Wed, 17 Apr 2013 16:21:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.265
X-Spam-Level:
X-Spam-Status: No, score=-3.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NGLvZHfAJ8iw for <dmarc@ietfa.amsl.com>; Wed, 17 Apr 2013 16:21:48 -0700 (PDT)
Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) by ietfa.amsl.com (Postfix) with ESMTP id C3A4221E8043 for <dmarc@ietf.org>; Wed, 17 Apr 2013 16:21:44 -0700 (PDT)
Received: from pps.filterd (m0044008 [127.0.0.1]) by m0044008.ppops.net (8.14.5/8.14.5) with SMTP id r3HNHhN5004429; Wed, 17 Apr 2013 16:21:43 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fb.com; h=from : to : subject : date : message-id : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=facebook; bh=Qmfm3huQWzh1gCz/cc4OZ+fNsRX/x0wNwK3Tpi3KVEc=; b=lKhGFFSLQn5UZB7ojl5NayKw46eriLZoSLuTgA3g2IeBIxaOg8W+rg4qKLhmPjQNE8d1 9GGzI49YYIAuj4fbad/q6P26AZ8g72kQEOIAo88pMPj2xL7OIWS8wCvthc1YZsSLbd06 pLYip/lRCzAkeOX3VuAOVLr2gQjG0yHljdk=
Received: from prn1-cmdf-dc01-fw1-nat.corp.tfbnw.net (prn1-cmdf-dc01-fw1-nat.corp.tfbnw.net [173.252.71.129] (may be forged)) by mx0a-00082601.pphosted.com with ESMTP id 1bsjnvk9re-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 17 Apr 2013 16:21:43 -0700
Received: from PRN-MBX02-4.TheFacebook.com ([169.254.5.232]) by PRN-CHUB02.TheFacebook.com ([fe80::5de8:34:5a87:6990%12]) with mapi id 14.02.0328.011; Wed, 17 Apr 2013 16:21:42 -0700
From: Michael Adkins <madkins@fb.com>
To: "J. Gomez" <jgomez@seryrich.com>, "dmarc@ietf.org" <dmarc@ietf.org>
Thread-Topic: [dmarc-ietf] making mail not work for your users, was the endless mailing list silliness
Thread-Index: AQHOO8JR9vRFrwuRH0KvjBBDOAxIKg==
Date: Wed, 17 Apr 2013 23:21:41 +0000
Message-ID: <F1EFAF1C8755824295F30DBEC75B791B6A9B8101@PRN-MBX02-4.TheFacebook.com>
In-Reply-To: <7BF5EC3D91FA4D6DA7902A1387BCFB60@fgsr.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.4.120824
x-originating-ip: [192.168.16.4]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <F3390E40CAFC634C83D7C94177BF5908@fb.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.10.8626, 1.0.431, 0.0.0000 definitions=2013-04-17_08:2013-04-17, 2013-04-17, 1970-01-01 signatures=0
Subject: Re: [dmarc-ietf] making mail not work for your users, was the endless mailing list silliness
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2013 23:21:49 -0000

If your goal is to profit from identity theft by impersonating someone
else, your best bet is to cast the widest net possible by impersonating
the largest organizations that hold user authentication credentials.
DMARC is an open version of products that were designed to combat that
problem because it was/is the biggest phishing problem.  If there was no
value to actual email users, it is unlikely that the largest mailbox
providers on the internet would have participated in it's creation or
deployed it since there would have been nothing in it for them.  If we
would like to hear about the value to end users, we could probably get one
of them to share some high level data about it.

On 4/17/13 1:55 PM, "J. Gomez" <jgomez@seryrich.com> wrote:

>On Wednesday, April 17, 2013 12:39 PM [GMT+1=CET], John Levine wrote:
>
>> Perhaps we could try and think more clearly about providing service to
>> actual mail users and less about hypothetical spoofing attacks on
>> people who are not plausible spoof targets.
>
>It's pretty clear by now that DMARC is not about protecting actual email
>users, but about protecting big brands from email spoofing their brand.
>
>Regards,
>
>J. Gomez
>
>_______________________________________________
>dmarc mailing list
>dmarc@ietf.org
>https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email