Re: DMARC and ietf.org
"John R Levine" <johnl@taugh.com> Sat, 13 August 2016 15:11 UTC
Return-Path: <johnl@taugh.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3516312D0A8 for <ietf@ietfa.amsl.com>; Sat, 13 Aug 2016 08:11:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=B/3YPPQx; dkim=pass (1536-bit key) header.d=taugh.com header.b=lr8DixV8
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EwFFBeO_3GGn for <ietf@ietfa.amsl.com>; Sat, 13 Aug 2016 08:11:00 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 481F812B01B for <ietf@ietf.org>; Sat, 13 Aug 2016 08:11:00 -0700 (PDT)
Received: (qmail 61701 invoked from network); 13 Aug 2016 15:10:59 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=f104.57af3883.k1608; bh=5vq6CAO2yvs081JHyctN6LjRXg0NhILRfxyK276wmXk=; b=B/3YPPQxTM+HyjpuJscOAHgVMh4CQEWw8dvzbNjKxyNBuUBP1h2GI1MHrDWXnRLBEF32R+2MTiDZoH16rcM9ZjKIN5YEkmeeNhtxwpoMYRujt+UZxcTGUWJBpFR00oFUYAZf8AGYaUnvdK1IYHqTNFOBjeorg6/hK4LZz+igpCAKj/1nK5KRm9c1N9VZG1HZsUcrC3YQQ/jN4aL56BpsksQoadCxJSwe3p+b16vNPAHqqrjukZyP0/gbNN527gAJ
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=f104.57af3883.k1608; bh=5vq6CAO2yvs081JHyctN6LjRXg0NhILRfxyK276wmXk=; b=lr8DixV8pCWR7x7QNH5URVmYw9HtdIg24nU6Qk7HRpckTQSx4Vkhs15RJY8IwuMlY2IYiz1596gm/q/fnXi7bJxaq5DmNFz8qYAcHyjr05xIUBri1De2xACtoWVbuu17Pi2n9i+QNSIIPYGNQ2+BA+Mtbqo1mpJGz7nrprrjvMpG/Lak3s+xaN6qsTUs8cabyB9EC1G3B9SBBZ7b0UDnJIYwKH5PxqPMT6r1XJ4B0i7Dk0m90CZ/IgigKv3HvWWg
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 13 Aug 2016 15:10:59 -0000
Date: Sat, 13 Aug 2016 11:10:59 -0400
Message-ID: <alpine.OSX.2.11.1608131101040.12562@ary.local>
From: John R Levine <johnl@taugh.com>
To: Theodore Ts'o <tytso@mit.edu>
Subject: Re: DMARC and ietf.org
In-Reply-To: <20160813150004.GM10626@thunk.org>
References: <c87f5578-be42-5a4e-d979-f4166e2f2ef2@gmail.com> <20160813023957.5679.qmail@ary.lan> <CAPt1N1mO0xxfc3SghV1pcNUjOz9yKk-g=bgU+dWrgy2LWcwhBg@mail.gmail.com> <20160813150004.GM10626@thunk.org>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/kL24edUthAOuHuwK3ZnpFkCXduI>
Cc: ietf <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Aug 2016 15:11:02 -0000
> The real problem is that in the absence of standardization, when the > folks who implemented DMARC went ahead without doing something that > didn't break all use cases, there's no consensus on what is the "good > enough" solution. DMARC was fine when it was used to protect high value company domains like paypal.com. It became much less fine when AOL and Yahoo started using it to force the costs of their own security failures on third parties. > ARC is supposed to be the magic bullet that will fix all of this, but > this assumes someone is going to create ARC implementations for all of > the common mailing list server implementations, and it's not obvious > that this is going to be happening, either. The Mailman people are certainly working on it, and I plan to work on Sympa. What list software are you thinking of? More to the point, ARC lets lists keep working they way they're supposed to. All of the workarounds break stuff. The most popular workaround, putting the list address on the From: line, makes it hard to tell who the message is from, close to impossible to reply to the author of the message*, and trains people to be phished. > But it's a lot easier to blame the people who made the change which > broke things..... Well, yes, they certainly deserve it. Regards, John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. * - anyone who says "you can put it in the Reply-To" has just shown that they don't understand the problem.
- Re: DMARC and ietf.org =JeffH
- Re: Do we actually want to do anything about DMAR… John Levine
- Re: DMARC and ietf.org John Levine
- Re: Do we actually want to do anything about DMAR… Brian E Carpenter
- Re: DMARC and ietf.org S Moonesamy
- Re: Do we actually want to do anything about DMAR… ned+ietf
- Re: Do we actually want to do anything about DMAR… John R Levine
- Re: Do we actually want to do anything about DMAR… Michael Richardson
- Re: Do we actually want to do anything about DMAR… Theodore Ts'o
- Re: DMARC and ietf.org Rich Kulawiec
- Re: Do we actually want to do anything about DMAR… Alessandro Vesely
- Do we actually want to do anything about DMARC? John Levine
- Re: DMARC and ietf.org Michael Richardson
- Re: DMARC and ietf.org S Moonesamy
- Re: DMARC and ietf.org Viktor Dukhovni
- Re: list managers, was DMARC and ietf.org John R Levine
- Re: DMARC and ietf.org Theodore Ts'o
- ARC (was - Re: DMARC and ietf.org) Dave Crocker
- Re: DMARC and ietf.org Theodore Ts'o
- Re: DMARC and ietf.org John R Levine
- Re: DMARC and ietf.org Ted Lemon
- Re: DMARC and ietf.org Brian E Carpenter
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org Andrew G. Malis
- Re: DMARC and ietf.org =JeffH
- Re: DMARC and ietf.org John Payne
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org John Payne
- Re: DMARC and ietf.org Miles Fidelman