Re: What I've been wondering about the DMARC problem
Seth Johnson <seth.p.johnson@gmail.com> Tue, 15 April 2014 05:30 UTC
Return-Path: <seth.p.johnson@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4245F1A075C for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 22:30:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.701
X-Spam-Level:
X-Spam-Status: No, score=0.701 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AOeH0yvMM8qv for <ietf@ietfa.amsl.com>; Mon, 14 Apr 2014 22:30:03 -0700 (PDT)
Received: from mail-vc0-x22b.google.com (mail-vc0-x22b.google.com [IPv6:2607:f8b0:400c:c03::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 282991A0751 for <ietf@ietf.org>; Mon, 14 Apr 2014 22:30:02 -0700 (PDT)
Received: by mail-vc0-f171.google.com with SMTP id lg15so8567963vcb.16 for <ietf@ietf.org>; Mon, 14 Apr 2014 22:29:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=KwTz0wIW4dGLtohc2YkSiR2aItKX8yW1T255BDuC+/A=; b=U6m1K06m+7bC46saeMOo+LNPdoyJMu0fufG6HoGXUS2MYeMXBVUhFq2T6Y4fli25Rv ZqYwD8R1r1b/3CB48Y1ltCk6K2VcmrYnNNifKEeqAW+rw6npWzZOUW6FROUhz8LQPbMJ XkgsSACG3Jg9SBJ6lym+smLtGNB3pBMMptBsAGBy1H+xDnWLF8fLK+AyAKWXhcfnTStC 5qETCvINGjNhCq58xS8B8ob8cr2KPe0qOLAeoDWaj/EibZubPqc+oDqFum6P+pNF6fQe M0/J0pOIQ1k/Ky25Y4L4kf0M1BeEP+8UGL5Nbsjtp1La0/k/tSO7+sb/UCF206Oh0h0h TZmQ==
X-Received: by 10.220.92.135 with SMTP id r7mr40448084vcm.11.1397539799231; Mon, 14 Apr 2014 22:29:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.66.6 with HTTP; Mon, 14 Apr 2014 22:29:19 -0700 (PDT)
In-Reply-To: <CAJkfFBzs6JMxGSePJ6-1_=kLZRwwgwEPBD_tnh8qXPKQCmSMPA@mail.gmail.com>
References: <53499A5E.9020805@meetinghouse.net> <5349A261.9040500@dcrocker.net> <5349AE35.2000908@meetinghouse.net> <5349BCDA.7080701@gmail.com> <01P6L9JZF5SC00004W@mauve.mrochek.com> <CAKW6Ri5f5KZyJeL7RTG2T000Qd+t61KCofNmG2JZv+nKi94Uug@mail.gmail.com> <534C0078.3070808@meetinghouse.net> <CAKW6Ri6OUmxGaBOGR2hoWpDOGWsVQ9tQ2Q9ogkT5wzFhFJLBbQ@mail.gmail.com> <534C2262.1070507@meetinghouse.net> <CAL0qLwb5p_V3i-NGhKJZBeO0qKHm1xiAq1E3nYkBzVUAXkRPpQ@mail.gmail.com> <CAKW6Ri5HWMaGMa_oLKwq5fzSUzJG=jAL1qojY1i6_tibEAxq8w@mail.gmail.com> <CAL0qLwaik1ft+AcACoc+kvKtCRt_gGvM6ov7c2yj_Uwyy3drNw@mail.gmail.com> <CAKW6Ri5_=GyOQijZMM+mqAoaEQzePGysBy9WVjN9yHO1zf3d2w@mail.gmail.com> <534C8F2B.9060903@gmail.com> <CADnDZ8-DWU3ZE_WZO3vwBWvYtNZacdN9mDUof0jmfu2uKZ2poQ@mail.gmail.com> <534CB08A.8080802@meetinghouse.net> <CAJkfFBzs6JMxGSePJ6-1_=kLZRwwgwEPBD_tnh8qXPKQCmSMPA@mail.gmail.com>
From: Seth Johnson <seth.p.johnson@gmail.com>
Date: Tue, 15 Apr 2014 01:29:19 -0400
Message-ID: <CAJkfFBzpVCX0KgXhid1W5JXbuUivgydnYYttPD_pB+FFxKvgww@mail.gmail.com>
Subject: Re: What I've been wondering about the DMARC problem
To: Miles Fidelman <mfidelman@meetinghouse.net>
Content-Type: multipart/alternative; boundary="047d7b66f5fb4af32e04f70e17a8"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/duJKfOKciMb_lJDLSzSPHkwAqxw
Cc: IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 05:30:08 -0000
(one insert/correction inline) On Tue, Apr 15, 2014 at 1:20 AM, Seth Johnson <seth.p.johnson@gmail.com>wrote: > The framework internationally is different. Within free countries, > there's a culture of expectations that certain things will be unacceptable, > or will be resisted by self-respecting citizens. That culture is based in > a system that guards fundamental liberties, and people are able to rely on > it to do so, though for private firms the limits aren't so definitive as > they are for the government. > > Internationally, the limits are no longer so definitive, and that's > because even though governments will sign onto instruments like the UDHR, > those rights are not actually fundamental, even if we call them that. > Fundamental rights have an undeniable priority within countries where they > have been claimed in the founding act. On that foundation, judges are > always obliged to assess fundamental rights in light of the unarguable fact > that their priority over the government was part of the original creation > of the whole system. There's no founding act in the international arena > that sets the priority of people over the governments of the world, so > rights are actually at the indulgence of governments, and governments can > always assert their state interests are so important that they warrant > impinging on fundamental liberties. > > We just saw an example of this with the Snowden disclosures. We've been > through a long period where we couldn't get our government to actually do > much for us, or conversely to not invade our liberties -- because the > claims that the government was snooping pervasively were kept marginal in > various ways. > <fixed> > But once documentation moved those considerations out of the frame of > "conspiracy" or zealotry by activist organizations, we suddenly began > seeing the appeals work again: "that's not the kind of country we are, what > we set up for ourselves," we started saying again. > </fixed> (eom) > And while it's still in a bit of denial, we are seeing a gradual grudging > retracting -- again, because the basis in fundamental liberties is > unarguably related to how we set the government up in the founding act(s). > > This is for governments and the more definitive relationship between > fundamental liberties and the government; that is, that they are limits on > the government. The judicial system treats fundamental rights violations > by the government in terms of "strict scrutiny," which means a governmental > act that impinges on fundamental liberties must serve a compelling state > interest, and even then, must be narrowly tailored. For private parties, > it's more that the working system creates a culture of people who enjoy > this ability to live in a system where these limits on the government are > actually at play -- and that's a context that more easily supports > attitudes of resistance and pushback from people who see their dignity > invaded by private firms that do excessive things. > > None of this exists internationally. The best you can place some faint > hope in is that national/state interests will be "balanced" against rights > expressed in a treaty. That's a totally different standard from strict > scrutiny. And relying on even that is unrealistic, because governments > have the "epistemic priority" -- and so they often, quite freely, simply > claim their sovereignty and act according to what they claim is an > important state interest. They simply have that wherewithal at the > international level. > > All of which is preface to say that the result is that governments and > private parties (and corporations, who have concocted trans-state "rights" > through judges acting to fill in gaps in the law over the years) know the > rules don't apply the same way in the international arena. > > In fact, given the transitions currently being attempted, whether with the > IANA functions or "Internet governance" more generally, Yahoo's DMARC > behavior may really be a sort of dry run, testing the ability to take > advantage of the moves to put concerns related to the operation of the > Internet into an international frame, which folks are pushing for without > really recognizing what's missing in that context, what they have sort of > unconsciously relied on and taken for granted within systems of checks and > balances that are rooted solidly at national levels. > > The checks and balances don't work the same internationally, and that > circumstance can be exploited (and is, all the time, these days). > > People might push back, but they don't really do so with the same sense of > fundamental recourse assured by a solidly rooted system. And Yahoo knows > this. And we're just shoring that up by saying we can just switch > multistakeholderism to the international arena. > > (All of this is aside from other factors not generally acknowledged -- > that there are actually inter-governmentally endorsed frames in place that > will have a bearing on IANA type functions or domain names (Names, Numbers, > Addresses and Identifiers/NNAI, in the ITU parlance), regardless of the > fact the IANA transition defines itself as non-governmentally-led or > inter-governmental. Looking at this in that light, Yahoo may be forcing > the creation of a context in which it can start to exercise those > frameworks.) > > > Seth > > > On Tue, Apr 15, 2014 at 12:07 AM, Miles Fidelman < > mfidelman@meetinghouse.net> wrote: > >> Important business users, with Yahoo accounts? Is that a joke? >> >> Just as a reference point: >> - I just logged into my long-unused, and un-publicized yahoo email >> account - and the only thing there is Spam >> - the lion's share of mail that comes from yahoo, to my normal account, >> is spam >> - unfortunately, a good number of people on the email lists that I run >> seem to have Yahoo mail accounts - and a good amount of the mail that comes >> from those accounts is... you guessed it... spam - because yahoo email >> accounts seem to be vulnerable to cracking and exploitation >> >> So, just who is it that Yahoo is protecting here? >> >> >> Abdussalam Baryun wrote: >> >>> The standard procedure in many companies is business scoped, so they >>> identify important business users and the business returns/damages. Most >>> important users are not IT experts, and use email for personal exchange. >>> Yahoo has signed an agreement with users to protect its information system, >>> so all seem to follow that, and all users are free to stop using services >>> or not. >>> >>> AB >>> >>> On Tuesday, April 15, 2014, Brian E Carpenter wrote: >>> >>> I thought that standard operating procedure in the IT industry >>> was: if you roll something out and it causes serious breakage to >>> some of your users, you roll it back as soon as possible. >>> >>> Why hasn't Yahoo rolled back its 'reject' policy by now? >>> >>> Regards >>> Brian >>> >>> >> >> -- >> In theory, there is no difference between theory and practice. >> In practice, there is. .... Yogi Berra >> >> >
- DMARC from the perspective of the listadmin of a … Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Michael Richardson
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Mark Andrews
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Andrew G. Malis
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… John Levine
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re[2]: DMARC and yahoo mohammed serrhini
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC and yahoo Doug Royer
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Warren Kumari
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- RE: DMARC from the perspective of the listadmin o… MH Michael Hammer (5304)
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC and yahoo Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Rolf E. Sonneveld
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Dave Cridland
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- What I've been wondering about the DMARC problem Brian E Carpenter
- Re: What I've been wondering about the DMARC prob… Doug Barton
- Re: DMARC and yahoo Doug Royer
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Ted Lemon
- Re: What I've been wondering about the DMARC prob… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Scott Kitterman
- Re: DMARC and yahoo Theodore Ts'o
- What I've been wondering about the DMARC problem Abdussalam Baryun
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Sabahattin Gucukoglu
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- RE: What I've been wondering about the DMARC prob… l.wood
- Re: DMARC and yahoo Douglas Otis
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- Re: What I've been wondering about the DMARC prob… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Paul Ferguson
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Hector Santos
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- RE: What I've been wondering about the DMARC prob… MH Michael Hammer (5304)
- Re: What I've been wondering about the DMARC prob… Hector Santos
- RE: What I've been wondering about the DMARC prob… MH Michael Hammer (5304)
- Re: What I've been wondering about the DMARC prob… Brian E Carpenter
- Re: DMARC and yahoo Doug Royer
- Re: DMARC and yahoo Theodore Ts'o
- Re: DMARC and yahoo Michael Richardson
- Re: DMARC and yahoo Theodore Ts'o
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- Re: DMARC and yahoo Stephen Farrell
- Re: DMARC and yahoo Hector Santos
- Re: DMARC and yahoo Randy Bush
- Re: DMARC and yahoo Yoav Nir
- RE: DMARC and yahoo MH Michael Hammer (5304)
- Re: DMARC and yahoo Theodore Ts'o
- RE: DMARC and yahoo MH Michael Hammer (5304)
- Re: What I've been wondering about the DMARC prob… Jim Fenton
- Re: What I've been wondering about the DMARC prob… Brian E Carpenter
- Re: DMARC and yahoo Miles Fidelman
- RE: DMARC and yahoo l.wood
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… John C Klensin
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: What I've been wondering about the DMARC prob… Brian E Carpenter
- Re: What I've been wondering about the DMARC prob… Theodore Ts'o
- Re: What I've been wondering about the DMARC prob… John Levine
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… John Levine
- Re: What I've been wondering about the DMARC prob… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- RE: DMARC from the perspective of the listadmin o… MH Michael Hammer (5304)
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- RE: DMARC from the perspective of the listadmin o… MH Michael Hammer (5304)
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Randy Bush
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… John C Klensin
- Re: What I've been wondering about the DMARC prob… ned+ietf
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… John C Klensin
- Re: DMARC from the perspective of the listadmin o… Pete Resnick
- Re: DMARC and yahoo Jeffrey Altman
- Re: DMARC and yahoo John Levine
- Re: DMARC and yahoo Hector Santos
- Re: DMARC and yahoo John C Klensin
- Re: DMARC and yahoo Brian E Carpenter
- One size doesn't fit all [Re: DMARC ....] Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Somebody always claims something (was Re: DMARC f… Dave Crocker
- Re: DMARC and yahoo Doug Barton
- Re: DMARC and yahoo Hector Santos
- Re: DMARC and yahoo Theodore Ts'o
- RE: DMARC and yahoo Christian Huitema
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC and yahoo Yoav Nir
- Re: DMARC and yahoo John Levine
- Re: DMARC and yahoo Dave Crocker
- Re: What I've been wondering about the DMARC prob… Murray S. Kucherawy
- Re: DMARC and yahoo Doug Royer
- Re: What I've been wondering about the DMARC prob… ned+ietf
- Re: DMARC and yahoo Dave Crocker
- Re: DMARC and yahoo Douglas Otis
- Re: What I've been wondering about the DMARC prob… John Levine
- Re: DMARC and yahoo Brian E Carpenter
- Re: What I've been wondering about the DMARC prob… Murray S. Kucherawy
- Re: DMARC and yahoo Rolf E. Sonneveld
- Re: What I've been wondering about the DMARC prob… ned+ietf
- Re: DMARC and yahoo Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Scott Kitterman
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Scott Kitterman
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… John R Levine
- Re: DMARC from the perspective of the listadmin o… Ted Lemon
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- The IETF environment (was: Re: DMARC from the per… ned+ietf
- Re: The IETF environment Dave Crocker
- RE: The IETF environment Adrian Farrel
- Re: The IETF environment Miles Fidelman
- Re: The IETF environment Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: The IETF environment Abdussalam Baryun
- Re: The IETF environment Dale R. Worley
- Re: The IETF environment Brian E Carpenter
- Re: The IETF environment Dave Crocker
- Re: The IETF environment Phillip Hallam-Baker
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: The IETF environment S Moonesamy
- Re: The IETF environment Dave Crocker
- Re: The IETF environment Miles Fidelman
- RE: The IETF environment Christian Huitema
- Re: The IETF environment S Moonesamy
- Re: The IETF environment Miles Fidelman
- Workshop effects [Re: The IETF environment] Brian E Carpenter
- Re: Workshop effects [Re: The IETF environment] Abdussalam Baryun