Re: What I've been wondering about the DMARC problem
Seth Johnson <seth.p.johnson@gmail.com> Tue, 15 April 2014 05:21 UTC
Return-Path: <seth.p.johnson@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46DB61A0345 for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 22:21:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.701
X-Spam-Level:
X-Spam-Status: No, score=0.701 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1yUCp9cc5umw for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 22:21:05 -0700 (PDT)
Received: from mail-ve0-x22e.google.com (mail-ve0-x22e.google.com [IPv6:2607:f8b0:400c:c01::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 0462A1A0338 for <ietf@ietf.org>; Mon, 14 Apr 2014 22:21:04 -0700 (PDT)
Received: by mail-ve0-f174.google.com with SMTP id oz11so8411124veb.5 for <ietf@ietf.org>; Mon, 14 Apr 2014 22:21:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=y11iWshWUytiBhkUtEHwnRFwHTMpmwlwAKt0BXvnQHA=; b=Dcm9qlpwSgVRQrWJcxn+zcBivMS40ObwRQ5hP9rLSoIj409uW0ZOgq58+jcnw6SqcQ Cvvxw1zX5kNhs+O/SzH+8DkQLbeXPjyn9sLL8nheu5oDSr44ngU5TRQytce0ftzBEiiH eHd8KKjlbvfvrCt0/FR2BN9X3NnX06NafdFmWx9F1gpVHmBAd+/sO1ShsVkUzOsl62hd Lr6mJJYwaPU99P+W9wu5lfF1Ew7LBBp8NMOrubvZmpJ9c9MY3vgFVKm8Lcs82quT+RVx Wi32yzP5G6dZLe6/ZHaSarNEWuv4QVLsAy5XHnrQZm03zfEtnDoVsPxqXTZoDy2Y/Fda DklA==
X-Received: by 10.220.4.132 with SMTP id 4mr40841106vcr.9.1397539262067; Mon, 14 Apr 2014 22:21:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.66.6 with HTTP; Mon, 14 Apr 2014 22:20:21 -0700 (PDT)
In-Reply-To: <534CB08A.8080802@meetinghouse.net>
References: <53499A5E.9020805@meetinghouse.net> <5349A261.9040500@dcrocker.net> <5349AE35.2000908@meetinghouse.net> <5349BCDA.7080701@gmail.com> <01P6L9JZF5SC00004W@mauve.mrochek.com> <CAKW6Ri5f5KZyJeL7RTG2T000Qd+t61KCofNmG2JZv+nKi94Uug@mail.gmail.com> <534C0078.3070808@meetinghouse.net> <CAKW6Ri6OUmxGaBOGR2hoWpDOGWsVQ9tQ2Q9ogkT5wzFhFJLBbQ@mail.gmail.com> <534C2262.1070507@meetinghouse.net> <CAL0qLwb5p_V3i-NGhKJZBeO0qKHm1xiAq1E3nYkBzVUAXkRPpQ@mail.gmail.com> <CAKW6Ri5HWMaGMa_oLKwq5fzSUzJG=jAL1qojY1i6_tibEAxq8w@mail.gmail.com> <CAL0qLwaik1ft+AcACoc+kvKtCRt_gGvM6ov7c2yj_Uwyy3drNw@mail.gmail.com> <CAKW6Ri5_=GyOQijZMM+mqAoaEQzePGysBy9WVjN9yHO1zf3d2w@mail.gmail.com> <534C8F2B.9060903@gmail.com> <CADnDZ8-DWU3ZE_WZO3vwBWvYtNZacdN9mDUof0jmfu2uKZ2poQ@mail.gmail.com> <534CB08A.8080802@meetinghouse.net>
From: Seth Johnson <seth.p.johnson@gmail.com>
Date: Tue, 15 Apr 2014 01:20:21 -0400
Message-ID: <CAJkfFBzs6JMxGSePJ6-1_=kLZRwwgwEPBD_tnh8qXPKQCmSMPA@mail.gmail.com>
Subject: Re: What I've been wondering about the DMARC problem
To: Miles Fidelman <mfidelman@meetinghouse.net>
Content-Type: multipart/alternative; boundary="001a11c3a2c6467bc104f70df702"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/U6pK_H3eNDwA-TxmTOPElwBhk48
Cc: IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 05:21:10 -0000
The framework internationally is different. Within free countries, there's a culture of expectations that certain things will be unacceptable, or will be resisted by self-respecting citizens. That culture is based in a system that guards fundamental liberties, and people are able to rely on it to do so, though for private firms the limits aren't so definitive as they are for the government. Internationally, the limits are no longer so definitive, and that's because even though governments will sign onto instruments like the UDHR, those rights are not actually fundamental, even if we call them that. Fundamental rights have an undeniable priority within countries where they have been claimed in the founding act. On that foundation, judges are always obliged to assess fundamental rights in light of the unarguable fact that their priority over the government was part of the original creation of the whole system. There's no founding act in the international arena that sets the priority of people over the governments of the world, so rights are actually at the indulgence of governments, and governments can always assert their state interests are so important that they warrant impinging on fundamental liberties. We just saw an example of this with the Snowden disclosures. We've been through a long period where we couldn't get our government to actually do much for us, or conversely to not invade our liberties -- because the claims that the government was snooping pervasively were kept marginal. But once documentation moved those considerations, we suddenly began seeing the appeals work again: that's not the kind of country we are, what we set up for ourselves. And while it's still in a bit of denial, we are seeing a gradual grudging retracting -- again, because the basis in fundamental liberties is unarguably related to how we set the government up in the founding act(s). This is for governments and the more definitive relationship between fundamental liberties and the government; that is, that they are limits on the government. The judicial system treats fundamental rights violations by the government in terms of "strict scrutiny," which means a governmental act that impinges on fundamental liberties must serve a compelling state interest, and even then, must be narrowly tailored. For private parties, it's more that the working system creates a culture of people who enjoy this ability to live in a system where these limits on the government are actually at play -- and that's a context that more easily supports attitudes of resistance and pushback from people who see their dignity invaded by private firms that do excessive things. None of this exists internationally. The best you can place some faint hope in is that national/state interests will be "balanced" against rights expressed in a treaty. That's a totally different standard from strict scrutiny. And relying on even that is unrealistic, because governments have the "epistemic priority" -- and so they often, quite freely, simply claim their sovereignty and act according to what they claim is an important state interest. They simply have that wherewithal at the international level. All of which is preface to say that the result is that governments and private parties (and corporations, who have concocted trans-state "rights" through judges acting to fill in gaps in the law over the years) know the rules don't apply the same way in the international arena. In fact, given the transitions currently being attempted, whether with the IANA functions or "Internet governance" more generally, Yahoo's DMARC behavior may really be a sort of dry run, testing the ability to take advantage of the moves to put concerns related to the operation of the Internet into an international frame, which folks are pushing for without really recognizing what's missing in that context, what they have sort of unconsciously relied on and taken for granted within systems of checks and balances that are rooted solidly at national levels. The checks and balances don't work the same internationally, and that circumstance can be exploited (and is, all the times, these days). People might push back, but they don't really do so with the same sense of fundamental recourse assured by a solidly rooted system. And Yahoo knows this. And we're just shoring that up by saying we can just switch multistakeholderism to the international arena. (All of this is aside from other factors not generally acknowledged -- that there are actually inter-governmentally endorsed frames in place that will have a bearing on IANA type functions or domain names (Names, Numbers, Addresses and Identifiers/NNAI, in the ITU parlance), regardless of the fact the IANA transition defines itself as non-governmentally-led or inter-governmental. Looking at this in that light, Yahoo may be forcing the creation of a context in which it can start to exercise those frameworks.) Seth On Tue, Apr 15, 2014 at 12:07 AM, Miles Fidelman <mfidelman@meetinghouse.net > wrote: > Important business users, with Yahoo accounts? Is that a joke? > > Just as a reference point: > - I just logged into my long-unused, and un-publicized yahoo email account > - and the only thing there is Spam > - the lion's share of mail that comes from yahoo, to my normal account, is > spam > - unfortunately, a good number of people on the email lists that I run > seem to have Yahoo mail accounts - and a good amount of the mail that comes > from those accounts is... you guessed it... spam - because yahoo email > accounts seem to be vulnerable to cracking and exploitation > > So, just who is it that Yahoo is protecting here? > > > Abdussalam Baryun wrote: > >> The standard procedure in many companies is business scoped, so they >> identify important business users and the business returns/damages. Most >> important users are not IT experts, and use email for personal exchange. >> Yahoo has signed an agreement with users to protect its information system, >> so all seem to follow that, and all users are free to stop using services >> or not. >> >> AB >> >> On Tuesday, April 15, 2014, Brian E Carpenter wrote: >> >> I thought that standard operating procedure in the IT industry >> was: if you roll something out and it causes serious breakage to >> some of your users, you roll it back as soon as possible. >> >> Why hasn't Yahoo rolled back its 'reject' policy by now? >> >> Regards >> Brian >> >> > > -- > In theory, there is no difference between theory and practice. > In practice, there is. .... Yogi Berra > >
- DMARC from the perspective of the listadmin of a … Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Michael Richardson
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Mark Andrews
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Andrew G. Malis
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… John Levine
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re[2]: DMARC and yahoo mohammed serrhini
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC and yahoo Doug Royer
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Warren Kumari
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- RE: DMARC from the perspective of the listadmin o… MH Michael Hammer (5304)
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC and yahoo Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Rolf E. Sonneveld
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Dave Cridland
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- What I've been wondering about the DMARC problem Brian E Carpenter
- Re: What I've been wondering about the DMARC prob… Doug Barton
- Re: DMARC and yahoo Doug Royer
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Ted Lemon
- Re: What I've been wondering about the DMARC prob… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Scott Kitterman
- Re: DMARC and yahoo Theodore Ts'o
- What I've been wondering about the DMARC problem Abdussalam Baryun
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Sabahattin Gucukoglu
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- RE: What I've been wondering about the DMARC prob… l.wood
- Re: DMARC and yahoo Douglas Otis
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- Re: What I've been wondering about the DMARC prob… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Paul Ferguson
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Hector Santos
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- RE: What I've been wondering about the DMARC prob… MH Michael Hammer (5304)
- Re: What I've been wondering about the DMARC prob… Hector Santos
- RE: What I've been wondering about the DMARC prob… MH Michael Hammer (5304)
- Re: What I've been wondering about the DMARC prob… Brian E Carpenter
- Re: DMARC and yahoo Doug Royer
- Re: DMARC and yahoo Theodore Ts'o
- Re: DMARC and yahoo Michael Richardson
- Re: DMARC and yahoo Theodore Ts'o
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- Re: DMARC and yahoo Stephen Farrell
- Re: DMARC and yahoo Hector Santos
- Re: DMARC and yahoo Randy Bush
- Re: DMARC and yahoo Yoav Nir
- RE: DMARC and yahoo MH Michael Hammer (5304)
- Re: DMARC and yahoo Theodore Ts'o
- RE: DMARC and yahoo MH Michael Hammer (5304)
- Re: What I've been wondering about the DMARC prob… Jim Fenton
- Re: What I've been wondering about the DMARC prob… Brian E Carpenter
- Re: DMARC and yahoo Miles Fidelman
- RE: DMARC and yahoo l.wood
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… John C Klensin
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: What I've been wondering about the DMARC prob… Brian E Carpenter
- Re: What I've been wondering about the DMARC prob… Theodore Ts'o
- Re: What I've been wondering about the DMARC prob… John Levine
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… John Levine
- Re: What I've been wondering about the DMARC prob… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- RE: DMARC from the perspective of the listadmin o… MH Michael Hammer (5304)
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- RE: DMARC from the perspective of the listadmin o… MH Michael Hammer (5304)
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Randy Bush
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… John C Klensin
- Re: What I've been wondering about the DMARC prob… ned+ietf
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… John C Klensin
- Re: DMARC from the perspective of the listadmin o… Pete Resnick
- Re: DMARC and yahoo Jeffrey Altman
- Re: DMARC and yahoo John Levine
- Re: DMARC and yahoo Hector Santos
- Re: DMARC and yahoo John C Klensin
- Re: DMARC and yahoo Brian E Carpenter
- One size doesn't fit all [Re: DMARC ....] Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Somebody always claims something (was Re: DMARC f… Dave Crocker
- Re: DMARC and yahoo Doug Barton
- Re: DMARC and yahoo Hector Santos
- Re: DMARC and yahoo Theodore Ts'o
- RE: DMARC and yahoo Christian Huitema
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC and yahoo Yoav Nir
- Re: DMARC and yahoo John Levine
- Re: DMARC and yahoo Dave Crocker
- Re: What I've been wondering about the DMARC prob… Murray S. Kucherawy
- Re: DMARC and yahoo Doug Royer
- Re: What I've been wondering about the DMARC prob… ned+ietf
- Re: DMARC and yahoo Dave Crocker
- Re: DMARC and yahoo Douglas Otis
- Re: What I've been wondering about the DMARC prob… John Levine
- Re: DMARC and yahoo Brian E Carpenter
- Re: What I've been wondering about the DMARC prob… Murray S. Kucherawy
- Re: DMARC and yahoo Rolf E. Sonneveld
- Re: What I've been wondering about the DMARC prob… ned+ietf
- Re: DMARC and yahoo Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Scott Kitterman
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Scott Kitterman
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… John R Levine
- Re: DMARC from the perspective of the listadmin o… Ted Lemon
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- The IETF environment (was: Re: DMARC from the per… ned+ietf
- Re: The IETF environment Dave Crocker
- RE: The IETF environment Adrian Farrel
- Re: The IETF environment Miles Fidelman
- Re: The IETF environment Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: The IETF environment Abdussalam Baryun
- Re: The IETF environment Dale R. Worley
- Re: The IETF environment Brian E Carpenter
- Re: The IETF environment Dave Crocker
- Re: The IETF environment Phillip Hallam-Baker
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: The IETF environment S Moonesamy
- Re: The IETF environment Dave Crocker
- Re: The IETF environment Miles Fidelman
- RE: The IETF environment Christian Huitema
- Re: The IETF environment S Moonesamy
- Re: The IETF environment Miles Fidelman
- Workshop effects [Re: The IETF environment] Brian E Carpenter
- Re: Workshop effects [Re: The IETF environment] Abdussalam Baryun