Re: DMARC: perspectives from a listadmin of large open-source lists

Miles Fidelman <mfidelman@meetinghouse.net> Mon, 14 April 2014 15:38 UTC

Return-Path: <mfidelman@meetinghouse.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D82E51A04AB for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 08:38:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1fASE71jad9e for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 08:38:53 -0700 (PDT)
Received: from server1.neighborhoods.net (server1.neighborhoods.net [207.154.13.48]) by ietfa.amsl.com (Postfix) with ESMTP id DC6C81A02CF for <ietf@ietf.org>; Mon, 14 Apr 2014 08:38:52 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by server1.neighborhoods.net (Postfix) with ESMTP id 72AC8CC0B9 for <ietf@ietf.org>; Mon, 14 Apr 2014 11:38:50 -0400 (EDT)
X-Virus-Scanned: by amavisd-new-2.6.2 (20081215) (Debian) at neighborhoods.net
Received: from server1.neighborhoods.net ([127.0.0.1]) by localhost (server1.neighborhoods.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id k-C6qFJ2XW1Z for <ietf@ietf.org>; Mon, 14 Apr 2014 11:38:41 -0400 (EDT)
Received: from new-host.home (pool-173-76-155-14.bstnma.fios.verizon.net [173.76.155.14]) by server1.neighborhoods.net (Postfix) with ESMTPSA id 9C3AECC0A7 for <ietf@ietf.org>; Mon, 14 Apr 2014 11:38:41 -0400 (EDT)
Message-ID: <534C0101.6040208@meetinghouse.net>
Date: Mon, 14 Apr 2014 11:38:41 -0400
From: Miles Fidelman <mfidelman@meetinghouse.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:28.0) Gecko/20100101 Firefox/28.0 SeaMonkey/2.25
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
References: <20140414024956.26078.qmail@joyce.lan> <534B524F.4050206@dcrocker.net>, <alpine.BSF.2.00.1404132327560.26258@joyce.lan> <290E20B455C66743BE178C5C84F1240847E88E3F8C@EXMB01CMS.surrey.ac.uk>
In-Reply-To: <290E20B455C66743BE178C5C84F1240847E88E3F8C@EXMB01CMS.surrey.ac.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/4VekO_Ggs1iDOqyYaWUaTTh9K0E
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 15:38:58 -0000

You really need to use <sarcasm></sarcasm> tags - my first reaction was 
a knee-jerk "says who?"

Miles

l.wood@surrey.ac.uk wrote:
> But DMARC is email authentication best practice.
>
> Sure, some legacy email things are having some minor teething problems with it,
> but it's clearly the way to go. Because it introduces authentication.
>
> Now all the spammers will have to open their free yahoo accounts first, before
> sending email! That's a great step forwards!
>
> Security! Best practice!
>
> Lloyd Wood
> http://about.me/lloydwood
> ________________________________________
> From: ietf [ietf-bounces@ietf.org] On Behalf Of John R Levine [johnl@taugh.com]
> Sent: 14 April 2014 04:28
> To: Dave Crocker; IETF general list
> Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
>
>>> Yes, that's the 1980s percent hack.
>> intended recipient.  While a bit inefficient -- and probably will emerge as
>> an attack vector (sigh) -- it's a plausible mechanism.
> Right -- something is seriously wrong with DMARC as used if we need to
> invent new phish syntaxes to work around it.
>
> R's,
> John


-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra