RE: DMARC: perspectives from a listadmin of large open-source lists

<l.wood@surrey.ac.uk> Mon, 14 April 2014 11:21 UTC

Return-Path: <l.wood@surrey.ac.uk>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 727371A02B5 for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 04:21:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xAWiRhWikILQ for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 04:21:03 -0700 (PDT)
Received: from mail1.bemta3.messagelabs.com (mail1.bemta3.messagelabs.com [195.245.230.167]) by ietfa.amsl.com (Postfix) with ESMTP id 798D01A02AF for <ietf@ietf.org>; Mon, 14 Apr 2014 04:21:03 -0700 (PDT)
Received: from [85.158.137.99:27425] by server-7.bemta-3.messagelabs.com id 28/46-04151-B94CB435; Mon, 14 Apr 2014 11:20:59 +0000
X-Env-Sender: l.wood@surrey.ac.uk
X-Msg-Ref: server-11.tower-217.messagelabs.com!1397474459!19348359!1
X-Originating-IP: [131.227.200.31]
X-StarScan-Received:
X-StarScan-Version: 6.11.1; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 17384 invoked from network); 14 Apr 2014 11:20:59 -0000
Received: from exht011p.surrey.ac.uk (HELO EXHT011P.surrey.ac.uk) (131.227.200.31) by server-11.tower-217.messagelabs.com with AES128-SHA encrypted SMTP; 14 Apr 2014 11:20:59 -0000
Received: from EXMB01CMS.surrey.ac.uk ([169.254.1.14]) by EXHT011P.surrey.ac.uk ([131.227.200.31]) with mapi; Mon, 14 Apr 2014 12:20:58 +0100
From: <l.wood@surrey.ac.uk>
To: <johnl@taugh.com>, <dcrocker@bbiw.net>, <ietf@ietf.org>
Date: Mon, 14 Apr 2014 12:20:57 +0100
Subject: RE: DMARC: perspectives from a listadmin of large open-source lists
Thread-Topic: DMARC: perspectives from a listadmin of large open-source lists
Thread-Index: Ac9XkbqyfBTaTXV9SBS8uqjuP4pj2gAQI/2t
Message-ID: <290E20B455C66743BE178C5C84F1240847E88E3F8C@EXMB01CMS.surrey.ac.uk>
References: <20140414024956.26078.qmail@joyce.lan> <534B524F.4050206@dcrocker.net>, <alpine.BSF.2.00.1404132327560.26258@joyce.lan>
In-Reply-To: <alpine.BSF.2.00.1404132327560.26258@joyce.lan>
Accept-Language: en-US, en-GB
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-GB
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/NgIsL_9Si1TprkSJxp1cSy8zf8M
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 11:21:08 -0000

But DMARC is email authentication best practice.

Sure, some legacy email things are having some minor teething problems with it,
but it's clearly the way to go. Because it introduces authentication.

Now all the spammers will have to open their free yahoo accounts first, before
sending email! That's a great step forwards!

Security! Best practice!

Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf [ietf-bounces@ietf.org] On Behalf Of John R Levine [johnl@taugh.com]
Sent: 14 April 2014 04:28
To: Dave Crocker; IETF general list
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists

>> Yes, that's the 1980s percent hack.

> intended recipient.  While a bit inefficient -- and probably will emerge as
> an attack vector (sigh) -- it's a plausible mechanism.

Right -- something is seriously wrong with DMARC as used if we need to
invent new phish syntaxes to work around it.

R's,
John