IETF Logo Mail Archive

Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)

Scott Kitterman <scott@kitterman.com> Tue, 15 July 2014 19:57 UTC

Return-Path: <scott@kitterman.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DD2B1A004E for <ietf@ietfa.amsl.com>; Tue, 15 Jul 2014 12:57:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KWvxbxDWDKk6 for <ietf@ietfa.amsl.com>; Tue, 15 Jul 2014 12:57:11 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A50901A006E for <ietf@ietf.org>; Tue, 15 Jul 2014 12:57:10 -0700 (PDT)
Received: from mailout03.controlledmail.com (localhost [127.0.0.1]) by mailout03.controlledmail.com (Postfix) with ESMTP id 67064D0459D; Tue, 15 Jul 2014 15:57:09 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=2014-01; t=1405454229; bh=wX9ds4UKKRIrCd9jEcI1HSuh+sxR5EdiZ69Rl6KuR0o=; h=From:To:Subject:Date:In-Reply-To:References:From; b=Gwa8Pj3zle5ZcQ6wWDCEPAS6ndG7zOuKcXzjVltRyH30vcj2tJEaemHDqPe3XDvlf 3Bzor7Hf57Hi8V6/stfOZXW+JgSnSEVP3KfJaodkYNRMga3kV9lsPPjfa7Pqk3g/uu Gp9gi+oAzz2Pf+XQ967bAgNM0/sCRyl2ACvQ6P14=
Received: from scott-latitude-e6320.localnet (static-72-81-252-21.bltmmd.fios.verizon.net [72.81.252.21]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 2A5A8D04541; Tue, 15 Jul 2014 15:57:09 -0400 (EDT)
From: Scott Kitterman <scott@kitterman.com>
To: ietf@ietf.org
Subject: Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)
Date: Tue, 15 Jul 2014 15:57:08 -0400
Message-ID: <1713118.6e7UjQ4g9h@scott-latitude-e6320>
User-Agent: KMail/4.13.2 (Linux/3.13.0-30-generic; KDE/4.13.2; x86_64; ; )
In-Reply-To: <CAL0qLwadMYkDrf=5SZX_Byb7pcQP0JW-=8xb+DRNWE=hsu-pHw@mail.gmail.com>
References: <20140715154418.76956.qmail@joyce.lan> <4479292.p2LNmhb84D@scott-latitude-e6320> <CAL0qLwadMYkDrf=5SZX_Byb7pcQP0JW-=8xb+DRNWE=hsu-pHw@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
X-AV-Checked: ClamAV using ClamSMTP
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/Kk-0huzmkmngK2mbJ6rNfOPJDkI
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jul 2014 19:57:13 -0000

On Tuesday, July 15, 2014 12:02:02 Murray S. Kucherawy wrote:
> On Tue, Jul 15, 2014 at 9:35 AM, Scott Kitterman <scott@kitterman.com>
> 
> wrote:
> > That's possibly true, but given the goal of the working group, it may turn
> > out
> > to be the best we can do.  In my limited IETF experience, I've seen
> > several
> > variants of "we aren't U/I experts, so we should stay away from it".  That
> > may
> > be true, but we may not get out of this one without having to give some
> > strong
> > guidance.
> > 
> > For the large fraction of email users today that are doing it via webmail
> > where the service provider controls the MUA experience directly, the
> > timeline
> > for improvement can be relatively short compared to traditional software
> > deployment cycles.
> 
> Do we have any reason to believe that such advice would be read by anyone
> in a position to bring about its implementation?  How much do MUAs apply,
> as Ned cited, RFC2049?
> 
> Whatever each of us thinks of our collective UI expertise is unimportant if
> MUA developers will end up disregarding our advice and following their own
> anyway.
> 
> As I've said before, perhaps we should try to encourage major MUA
> developers to participate.  That would allay all such concerns.  We might
> even get Sender to matter again.

Different MUA vendors are, of course, different.  Many of the major DMARC 
participants are also MUA vendors, so I have hope.  

There are a number of useful features that seem to resist implementation.  My 
MUA of choice has an amazingly useful "reply to list" feature that uses the 
relevant header fields to detect a list and reply to it.  I can't imagine using 
an MUA that doesn't have it.

It would probably be helpful to have an up to date survey of the MUAs to see 
which display Sender and which don't.  I remember back when we were doing 
MARID, as an example, Outlook displayed it, but Outlook Express did not.  Such 
a survey would give us some idea about how big the problem space is.

Scott K

v2.23.0 | Report a Bug | By Email