Re: DMARC and ietf.org
"John Levine" <johnl@taugh.com> Mon, 15 August 2016 20:48 UTC
Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D493212B025 for <ietf@ietfa.amsl.com>; Mon, 15 Aug 2016 13:48:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QjvDYkGv_HlO for <ietf@ietfa.amsl.com>; Mon, 15 Aug 2016 13:48:43 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80BE5127077 for <ietf@ietf.org>; Mon, 15 Aug 2016 13:48:43 -0700 (PDT)
Received: (qmail 51059 invoked from network); 15 Aug 2016 20:48:42 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 15 Aug 2016 20:48:42 -0000
Date: Mon, 15 Aug 2016 20:48:20 -0000
Message-ID: <20160815204820.10121.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: ietf@ietf.org
Subject: Re: DMARC and ietf.org
In-Reply-To: <20160815114408.GA28486@gsp.org>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/UcUNxRZUHmWoHwVrz4bd2wcqzN0>
Cc: rsk@gsp.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2016 20:48:45 -0000
>> DMARC was fine when it was used to protect high value company domains like >> paypal.com. It became much less fine when AOL and Yahoo started using it to >> force the costs of their own security failures on third parties. > >Worth noting is that their deployment of DMARC has done *nothing* >to address those security failures and thus *nothing* to stop the >forgeries that were the alleged impetus for the deployment. In fact, >it's arguably made the impact of those worse because they now arrive >with whatever degree of endorsement DMARC validation provides. Acually, it's been quite effective for what Yahoo and AOL cared about. Yahoo's problem was that crooks had stolen people's address books so their users were getting spam with faked return addresses of people they knew, sent from botnets outside of Yahoo, provoking many expensive support calls. Turning on DMARC stopped that cold. Of course, it also stopped other stuff which is why we're here. R's, JOhn
- Re: DMARC and ietf.org =JeffH
- Re: Do we actually want to do anything about DMAR… John Levine
- Re: DMARC and ietf.org John Levine
- Re: Do we actually want to do anything about DMAR… Brian E Carpenter
- Re: DMARC and ietf.org S Moonesamy
- Re: Do we actually want to do anything about DMAR… ned+ietf
- Re: Do we actually want to do anything about DMAR… John R Levine
- Re: Do we actually want to do anything about DMAR… Michael Richardson
- Re: Do we actually want to do anything about DMAR… Theodore Ts'o
- Re: DMARC and ietf.org Rich Kulawiec
- Re: Do we actually want to do anything about DMAR… Alessandro Vesely
- Do we actually want to do anything about DMARC? John Levine
- Re: DMARC and ietf.org Michael Richardson
- Re: DMARC and ietf.org S Moonesamy
- Re: DMARC and ietf.org Viktor Dukhovni
- Re: list managers, was DMARC and ietf.org John R Levine
- Re: DMARC and ietf.org Theodore Ts'o
- ARC (was - Re: DMARC and ietf.org) Dave Crocker
- Re: DMARC and ietf.org Theodore Ts'o
- Re: DMARC and ietf.org John R Levine
- Re: DMARC and ietf.org Ted Lemon
- Re: DMARC and ietf.org Brian E Carpenter
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org Andrew G. Malis
- Re: DMARC and ietf.org =JeffH
- Re: DMARC and ietf.org John Payne
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org John Payne
- Re: DMARC and ietf.org Miles Fidelman