IETF Logo Mail Archive

Re: [dmarc-ietf] making mail not work for your users, was the endless mailing list silliness

John Sweet <sweet@secondlook.com> Wed, 17 April 2013 21:20 UTC

Return-Path: <sweet@secondlook.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E120421E8097 for <dmarc@ietfa.amsl.com>; Wed, 17 Apr 2013 14:20:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level:
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id REvUWgDAxicF for <dmarc@ietfa.amsl.com>; Wed, 17 Apr 2013 14:20:59 -0700 (PDT)
Received: from mail-ve0-f170.google.com (mail-ve0-f170.google.com [209.85.128.170]) by ietfa.amsl.com (Postfix) with ESMTP id CC3FA21E8096 for <dmarc@ietf.org>; Wed, 17 Apr 2013 14:20:57 -0700 (PDT)
Received: by mail-ve0-f170.google.com with SMTP id 14so1888860vea.1 for <dmarc@ietf.org>; Wed, 17 Apr 2013 14:20:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secondlook.com; s=google120824; h=x-received:mime-version:x-originating-ip:in-reply-to:references :from:date:message-id:subject:to:content-type; bh=F83drrG1SD8GexAIJ5ZdXfP/l/lYJ3E66nKvM6SD+So=; b=HKUcjlUfSQ9F75jViKaSmwwunM5QkeSN2mmUIg69jAOVfbe4dq5NiSU6yVgM8mb8q9 y6VJlsXXxi4y3puw/iKOx+qQGypRRFtC5dcxEYdZbg5SceZ3HsxWsX1I94GAzd53PpJE NFWnJRWfJtu6zUJcim28dP7bK6ass+ALkFXDY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:mime-version:x-originating-ip:in-reply-to:references :from:date:message-id:subject:to:content-type:x-gm-message-state; bh=F83drrG1SD8GexAIJ5ZdXfP/l/lYJ3E66nKvM6SD+So=; b=fCqeOQO/WhDExCFvZbopeOFxqbGEk3vnUmiF/cjDlHUnaMwdz2TQX+MN4WvD8bGTcK fxj75OJBrpE/WvC0mcqdGQhTpciyeRuZroHW/Uouc3Y0t49iUvDwTxAD58oLP+qD9SGJ tblZjk3tjsWpM4L3ddVD3y3buftDfYyfTvLIHxfLz8QRkNGdbrXOGrux9BW0HqI29zif RYX2rPAQVbqS6rL6PunDqxjGY2utIOV+2wp7+iZhCJ/lfppgBa8iIlxg9NeALg4jltMT 1OFBvgri63NVl1BxqfNI/9CfJHn4HomNi/xa1SHqEoDELhDaCLaQtGpQ+KvjmT6pxK4B twMw==
X-Received: by 10.58.90.66 with SMTP id bu2mr6274873veb.29.1366233657176; Wed, 17 Apr 2013 14:20:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.152.71 with HTTP; Wed, 17 Apr 2013 14:20:37 -0700 (PDT)
X-Originating-IP: [146.101.57.209]
In-Reply-To: <7BF5EC3D91FA4D6DA7902A1387BCFB60@fgsr.local>
References: <20130417103918.3587.qmail@joyce.lan> <7BF5EC3D91FA4D6DA7902A1387BCFB60@fgsr.local>
From: John Sweet <sweet@secondlook.com>
Date: Wed, 17 Apr 2013 14:20:37 -0700
Message-ID: <CAAjc_p5Vcjhdzj5Vw1WY8nG07NTcydf9nWjqhs8iX_UHq1COhw@mail.gmail.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="089e013cc386d1078804da950f96"
X-Gm-Message-State: ALoCoQk8p5pF6mmJd2cQ3c7jgMjW1izogO9lzYcufwD3GTOKZ7bERpco+EqMIe+PRZfD2j5bMjmH
Subject: Re: [dmarc-ietf] making mail not work for your users, was the endless mailing list silliness
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2013 21:21:07 -0000

On Wed, Apr 17, 2013 at 1:55 PM, J. Gomez <jgomez@seryrich.com> wrote:

> On Wednesday, April 17, 2013 12:39 PM [GMT+1=CET], John Levine wrote:
>
> > Perhaps we could try and think more clearly about providing service to
> > actual mail users and less about hypothetical spoofing attacks on
> > people who are not plausible spoof targets.
>
> It's pretty clear by now that DMARC is not about protecting actual email
> users, but about protecting big brands from email spoofing their brand.
>

... except, of course, that when I get a phishing mail purporting to be
from my bank, and I respond thinking it's them, and criminals gain access
to my accounts because of it, it's not the bank that takes it in the
shorts. It's me, the little guy.

When I get yet another newspaper article forwarded by my mother, using the
paper's website's "Send to a Friend" link, I actually don't particularly
care if it's someone pretending to be her.  Likewise, when I see your posts
here on dmarc-ietf, I really don't care if it's you or someone pretending
to be you. Some applications of email just aren't desperately in need of
authentication.

If my mother writes me personally saying she's stuck in London without her
passport and needs me to wire her $1500 immediately, well, that's another
matter. But she's unlikely to do that through a mailing list.

J

-- 
"Science is like an inoculation against charlatans who would have you
believe whatever it is they tell you." (Neil DeGrasse Tyson)

v2.23.0 | Report a Bug | By Email