IETF Logo Mail Archive

RE: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

"MH Michael Hammer (5304)" <MHammer@ag.com> Fri, 18 April 2014 20:10 UTC

Return-Path: <MHammer@ag.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD2851A01BB for <ietf@ietfa.amsl.com>; Fri, 18 Apr 2014 13:10:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.3
X-Spam-Level:
X-Spam-Status: No, score=-1.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, J_CHICKENPOX_16=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6nyIm8FNP0Yy for <ietf@ietfa.amsl.com>; Fri, 18 Apr 2014 13:10:39 -0700 (PDT)
Received: from agwhqht.amgreetings.com (agwhqht.amgreetings.com [207.58.192.41]) by ietfa.amsl.com (Postfix) with ESMTP id 981541A002E for <ietf@ietf.org>; Fri, 18 Apr 2014 13:10:39 -0700 (PDT)
Received: from USCLES544.agna.amgreetings.com ([fe80::f5de:4c30:bc26:d70a]) by USCLES531.agna.amgreetings.com ([::1]) with mapi id 14.03.0158.001; Fri, 18 Apr 2014 16:10:35 -0400
From: "MH Michael Hammer (5304)" <MHammer@ag.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>, "ned+ietf@mauve.mrochek.com" <ned+ietf@mauve.mrochek.com>
Subject: RE: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
Thread-Topic: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
Thread-Index: AQHPWr6uPWZYqrDS0kS5LDODiAAGHZsXeXikgABNUQCAAAUTQA==
Date: Fri, 18 Apr 2014 20:10:34 +0000
Message-ID: <CE39F90A45FF0C49A1EA229FC9899B0507D4DB17@USCLES544.agna.amgreetings.com>
References: <53499A5E.9020805@meetinghouse.net> <5349A261.9040500@dcrocker.net> <5349AE35.2000908@meetinghouse.net> <5349BCDA.7080701@gmail.com> <01P6L9JZF5SC00004W@mauve.mrochek.com> <CAL0qLwZr=wVX6eD+yGVOaxkSy5fJbuAErTshOG+2BywUvkDfAA@mail.gmail.com> <01P6QCMYYMJ000004W@mauve.mrochek.com> <6EF4DECC078B08C89F163155@JcK-HP8200.jck.com> <01P6QVVGQA4W00004W@mauve.mrochek.com> <5350A9FB.9010307@dougbarton.us> <01P6S93XQ9TI00004W@mauve.mrochek.com> <CAL0qLwbeouNWWAyanTdUHACLUds=5ZQcG0TMCW-AmMNmuE6qrw@mail.gmail.com>
In-Reply-To: <CAL0qLwbeouNWWAyanTdUHACLUds=5ZQcG0TMCW-AmMNmuE6qrw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.104.254.231]
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: multipart/alternative; boundary="_000_CE39F90A45FF0C49A1EA229FC9899B0507D4DB17USCLES544agnaam_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/fu0MjXk915jUNuAqlC1dLtDHEa4
Cc: ietf <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Apr 2014 20:10:43 -0000


From: ietf [mailto:ietf-bounces@ietf.org] On Behalf Of Murray S. Kucherawy
Sent: Friday, April 18, 2014 11:41 AM
To: ned+ietf@mauve.mrochek.com
Cc: ietf
Subject: Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

On Fri, Apr 18, 2014 at 7:47 AM, <ned+ietf@mauve.mrochek.com<mailto:ned+ietf@mauve.mrochek.com>> wrote:

The message was pretty clearly, "We think DMARC is valuable enough to us
that we plan to deploy it even though it has the unfortunate side effect
of causing problems for mailing lists."

Allow me to rephrase: "We think getting our commerical mail through is worth
sacrificing all sorts of personal mail functionality users depend on. And we
don't care who it hurts, including some shops as large or larger than we are."

I'm not so sure delivery is the primary goal.  Rather, "We're tired of the fact that we are unable to control who generates mail that appear to come from our domain(s), and it's hurting us" is how that should at least start.  A tarnished domain name has repercussions beyond just delivery of email.
MH: I’m going to disagree with Murray on the fact that it’s hurting us, the company as the motivator, at least from my perspective. I see it as preventing end users from getting hurt from this particular use case (direct domain abuse). The further we (for some definition of we) can push bad actors from reality (from the users perspective), the less likely they are to fall for certain types of social engineering. I would hypothesize that increased abuse of the type Yahoo has been seeing may be in part due to increased difficulty on the part of malicious individuals in abusing brands implementing DMARC with p=reject. P to P mail becomes increasingly attractive and the use of stolen address books or user email addresses and information from stored messages can be used to improve the effectiveness of the social engineer.

Mike

v2.23.0 | Report a Bug | By Email