Re: "why I quit writing internet standards"
Douglas Otis <doug.mtview@gmail.com> Sun, 20 April 2014 23:12 UTC
Return-Path: <doug.mtview@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBB471A007B for <ietf@ietfa.amsl.com>; Sun, 20 Apr 2014 16:12:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 818b2FM_ifrv for <ietf@ietfa.amsl.com>; Sun, 20 Apr 2014 16:12:12 -0700 (PDT)
Received: from mail-pb0-x235.google.com (mail-pb0-x235.google.com [IPv6:2607:f8b0:400e:c01::235]) by ietfa.amsl.com (Postfix) with ESMTP id 23A451A0072 for <ietf@ietf.org>; Sun, 20 Apr 2014 16:12:12 -0700 (PDT)
Received: by mail-pb0-f53.google.com with SMTP id rp16so3126014pbb.12 for <ietf@ietf.org>; Sun, 20 Apr 2014 16:12:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=CzX+ZHqXdpBlQeBucrih+1vq9k1gxRn21XY/YA9y4Jw=; b=VbynKQDJXZehgFfb3sBQKnA0RXzyLlSbhTv68DSKU6lTBB6mFmAytUgCxmajV2Kthm e62a7wH5OBj6QORL/x41s8c0pHMYtfEhetvd3ulmxoym2RdzM26CNECpeb2IH8evgmRR 7V+v0lodtwxBYpRBroD4JbQ1GtgE9Tn6cPlQF4jpUW/W6nNxBTiia8F1N6zs5cXNzJMk bcBtPNwRfQpaqXyDq4uTE+AMl7QR8q6Iw3gQKStOq5+CosN+SLfgFVMi1bp4r2fNwlFP yWm+PBuZijsndpah/VPBd0+QZ8vehnWYCBAKCM8DkW/mmFGxeM/XeLuo+v0sM3hCTHhx Rc0Q==
X-Received: by 10.66.219.6 with SMTP id pk6mr34916360pac.9.1398035527486; Sun, 20 Apr 2014 16:12:07 -0700 (PDT)
Received: from [192.168.2.116] (c-67-188-1-12.hsd1.ca.comcast.net. [67.188.1.12]) by mx.google.com with ESMTPSA id my6sm73864398pbc.36.2014.04.20.16.12.04 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 20 Apr 2014 16:12:05 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
Subject: Re: "why I quit writing internet standards"
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <53542370.9040409@isdg.net>
Date: Sun, 20 Apr 2014 16:12:11 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <8274AE7B-A6A0-4253-B103-6EB6EC17F017@gmail.com>
References: <CF71721A.180A9%wesley.george@twcable.com> <534C067D.8080506@meetinghouse.net> <CAL0qLwa5CRwxn0V=7D84KFv9K_u5W5L+PPUXc3KPkD0YHkNo1w@mail.gmail.com> <4756885.Eo3b3po9Vj@scott-latitude-e6320> <5353FEF7.2060708@bbiw.net> <AB5D3900-BB09-4C4A-B52C-46349C086927@gmail.com> <53542370.9040409@isdg.net>
To: Hector Santos <hsantos@isdg.net>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/MI7-pEJdq_mmW6RSegEWmxTwWGw
Cc: Scott Kitterman <scott@kitterman.com>, Dave Crocker <dcrocker@bbiw.net>, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Apr 2014 23:12:17 -0000
On Apr 20, 2014, at 12:43 PM, Hector Santos <hsantos@isdg.net> wrote: > On 4/20/2014 2:25 PM, Douglas Otis wrote: >> >> That said, DMARC was never intended to address needs beyond the >> narrow scope of high value transactional email. > > And unfortunately, this attitude was always wrong. Hate to say, but "I told you so." What the design attitude says is this: > > If the domain is high value, then only applied policy. > For all others, ignore it. Dear Hector, You missed an important term, "transactional". Transactional email is normally NOT relayed through things like mailing-lists for example. "high value" are messages likely to invoke responses which in turn invites a high level of phishing. In such limited scenarios, DMARC makes very good sense. > Rather than try to honor policy to keep the security high, we are looking for ways to circumvent it. Ignoring Policy no longer works. Locking the From header field to a specific source for general user mail clearly does not work and those asserting DMARC policy should know better. If this continues, at some point many will ignore DMARC when it costs more than it is worth. I too think we can do better, but the senders should be expected to do the heavy lifting. Only they know which third-party services their users send messages. The TPA strategy is based on the premise third-party paths can be quickly verified by the recipients without a steep user learning curve. TPA also creates little impact on how email is normally handled. Email security should be structured to support a federated service and not depend on peer to peer communications. Regards, Douglas otis
- "why I quit writing internet standards" George, Wes
- Re: "why I quit writing internet standards" David Meyer
- Re: "why I quit writing internet standards" Miles Fidelman
- Re: "why I quit writing internet standards" Alia Atlas
- Re: "why I quit writing internet standards" Christian de Larrinaga
- Re: "why I quit writing internet standards" Andy Bierman
- Re: "why I quit writing internet standards" Abdussalam Baryun
- Re: "why I quit writing internet standards" Ted Lemon
- Re: "why I quit writing internet standards" Michael Richardson
- Re: "why I quit writing internet standards" Tim Wicinski
- Re: "why I quit writing internet standards" Andy Bierman
- Re: "why I quit writing internet standards" Simon Pietro Romano
- Re: "why I quit writing internet standards" Miles Fidelman
- Re: "why I quit writing internet standards" Murray S. Kucherawy
- Re: "why I quit writing internet standards" David Meyer
- Re: "why I quit writing internet standards" Murray S. Kucherawy
- Re: "why I quit writing internet standards" Murray S. Kucherawy
- Re: "why I quit writing internet standards" Miles Fidelman
- Re: "why I quit writing internet standards" Dale R. Worley
- Re: "why I quit writing internet standards" Scott Kitterman
- Re: "why I quit writing internet standards" Miles Fidelman
- Re: "why I quit writing internet standards" Jari Arkko
- Re: "why I quit writing internet standards" Bjoern A. Zeeb
- Re: "why I quit writing internet standards" Spencer Dawkins
- Re: "why I quit writing internet standards" Carsten Bormann
- Re: "why I quit writing internet standards" Spencer Dawkins
- Re: "why I quit writing internet standards" Thomas Clausen
- Re: "why I quit writing internet standards" Wesley Eddy
- Re: "why I quit writing internet standards" Yoav Nir
- Re: "why I quit writing internet standards" Thomas Clausen
- Re: "why I quit writing internet standards" Wesley Eddy
- Re: "why I quit writing internet standards" Miles Fidelman
- Re: "why I quit writing internet standards" Spencer Dawkins
- Re: "why I quit writing internet standards" Thomas Clausen
- Re: "why I quit writing internet standards" Melinda Shore
- Re: "why I quit writing internet standards" Carsten Bormann
- Re: "why I quit writing internet standards" Thomas Clausen
- Re: "why I quit writing internet standards" Spencer Dawkins
- Re: "why I quit writing internet standards" Brian E Carpenter
- Re: "why I quit writing internet standards" Dave Cridland
- Re: "why I quit writing internet standards" Thomas Nadeau
- Re: "why I quit writing internet standards" Thomas Nadeau
- Re: "why I quit writing internet standards" Benoit Claise
- Re: "why I quit writing internet standards" Benoit Claise
- Re: "why I quit writing internet standards" Benoit Claise
- Re: "why I quit writing internet standards" Thomas Nadeau
- Re: "why I quit writing internet standards" Miles Fidelman
- Re: "why I quit writing internet standards" Yoav Nir
- Re: "why I quit writing internet standards" S Moonesamy
- Re: "why I quit writing internet standards" Benoit Claise
- Re: "why I quit writing internet standards" Douglas Otis
- Re: "why I quit writing internet standards" Andy Bierman
- Re: "why I quit writing internet standards" Hector Santos
- Re: "why I quit writing internet standards" Dave Crocker
- Re: "why I quit writing internet standards" Scott Kitterman
- Re: DMARC not-WG, was "why I quit writing interne… John Levine
- Re: DMARC not-WG, was "why I quit writing interne… Dave Crocker
- Re: DMARC not-WG, was "why I quit writing interne… Hector Santos
- Re: "why I quit writing internet standards" Dave Crocker
- Re: "why I quit writing internet standards" Scott Kitterman
- Re: "why I quit writing internet standards" Dave Crocker
- Re: "why I quit writing internet standards" Scott Kitterman
- Re: "why I quit writing internet standards" Douglas Otis