IETF Logo Mail Archive

Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)x

mrex@sap.com (Martin Rex) Thu, 17 July 2014 02:20 UTC

Return-Path: <mrex@sap.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEF7C1A041C for <ietf@ietfa.amsl.com>; Wed, 16 Jul 2014 19:20:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.552
X-Spam-Level:
X-Spam-Status: No, score=-6.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o0WQn14RFdmz for <ietf@ietfa.amsl.com>; Wed, 16 Jul 2014 19:20:37 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.smtp.sap-ag.de [155.56.68.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6F8E1A03CA for <ietf@ietf.org>; Wed, 16 Jul 2014 19:20:36 -0700 (PDT)
Received: from mail05.wdf.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id s6H2KTE7020202 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 17 Jul 2014 04:20:29 +0200 (MEST)
Subject: Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)x
In-Reply-To: <53C729C2.6060208@dcrocker.net>
To: dcrocker@bbiw.net
Date: Thu, 17 Jul 2014 04:20:28 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20140717022029.017DC1ADAB@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/7VdCBAUzO92TrrgkJAqpIkQXAiQ
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jul 2014 02:20:39 -0000

Dave Crocker wrote:
> On 7/16/2014 6:15 PM, Martin Rex wrote:
> >> >    "Existing deployment of DMARC has demonstrated utility at internet
> >> >     scale"
> > I would propose to adjust this statement to better match reality.
> 
> 
> DMARC is estimated to cover at least 60% of the world's mailboxes.

That's an interesting number, but how was it computed/counted,
and what does it mean in reality.

When the @yahoo.com reject policy had been set up, I checked whether
I could send fake @yahoo.com Email to my private German (F)reeMail
account and to my own company email account, and both Emails were
properly delivered to my Mailboxes.

So even mails "allegedly" From: mailboxes for which the domain
owner has published DMARC reject policy will be (properly, due to
legal requirement) dysfunctional in non-marginal areas of the internet.
The same applies to the DMARC report policy, for which processing
by telecommunication providers will also be illegal (a serious
criminal offense) in countries with strong protections of
fundamental human rights.


-Martin

v2.23.0 | Report a Bug | By Email