Re: What I've been wondering about the DMARC problem

Paul Ferguson <fergie@people.ops-trust.net> Tue, 15 April 2014 17:00 UTC

Return-Path: <fergie@people.ops-trust.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B3C71A0658 for <ietf@ietfa.amsl.com>; Tue, 15 Apr 2014 10:00:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.174
X-Spam-Level:
X-Spam-Status: No, score=-2.174 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.272, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PPyZ3x36AxyM for <ietf@ietfa.amsl.com>; Tue, 15 Apr 2014 10:00:57 -0700 (PDT)
Received: from people.ops-trust.net (people.usa5.ops-trust.net [199.168.91.182]) by ietfa.amsl.com (Postfix) with ESMTP id F19CE1A011A for <ietf@ietf.org>; Tue, 15 Apr 2014 10:00:56 -0700 (PDT)
Received: from [192.168.10.155] (unknown [64.122.169.98]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: fergie) by people.ops-trust.net (Postfix) with ESMTPSA id 405B01468003; Tue, 15 Apr 2014 17:00:53 +0000 (UTC)
Message-ID: <534D65C2.2040209@people.ops-trust.net>
Date: Tue, 15 Apr 2014 10:00:50 -0700
From: Paul Ferguson <fergie@people.ops-trust.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Miles Fidelman <mfidelman@meetinghouse.net>
Subject: Re: What I've been wondering about the DMARC problem
References: <53499A5E.9020805@meetinghouse.net> <5349A261.9040500@dcrocker.net> <5349AE35.2000908@meetinghouse.net> <5349BCDA.7080701@gmail.com> <01P6L9JZF5SC00004W@mauve.mrochek.com> <CAKW6Ri5f5KZyJeL7RTG2T000Qd+t61KCofNmG2JZv+nKi94Uug@mail.gmail.com> <534C0078.3070808@meetinghouse.net> <CAKW6Ri6OUmxGaBOGR2hoWpDOGWsVQ9tQ2Q9ogkT5wzFhFJLBbQ@mail.gmail.com> <534C2262.1070507@meetinghouse.net> <CAL0qLwb5p_V3i-NGhKJZBeO0qKHm1xiAq1E3nYkBzVUAXkRPpQ@mail.gmail.com> <CAKW6Ri5HWMaGMa_oLKwq5fzSUzJG=jAL1qojY1i6_tibEAxq8w@mail.gmail.com> <CAL0qLwaik1ft+AcACoc+kvKtCRt_gGvM6ov7c2yj_Uwyy3drNw@mail.gmail.com> <CAKW6Ri5_=GyOQijZMM+mqAoaEQzePGysBy9WVjN9yHO1zf3d2w@mail.gmail.com> <534C8F2B.9060903@gmail.com> <534D5516.7060902@dcrocker.net> <534D5FD6.506@meetinghouse.net> <CAJkfFBzw4uKOvOdZKiymW6PX+iQ9CYQuMENOopx-32nEA7TGyg@mail.gmail.com> <534D63D1.3060202@meetinghouse.net>
In-Reply-To: <534D63D1.3060202@meetinghouse.net>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/uPI0xjbGBtRXR8ziFrcKVYG_S_o
Cc: IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 17:00:58 -0000

On 4/15/2014 9:52 AM, Miles Fidelman wrote:

> Which does bring us back to the question of how to deal with "bad
> actors" (or at least "irresponsible actors" or "uncooperative actors")
> within a cooperative governance framework.  Sigh.... Miles
> 

Welcome to the club. I've been wondering about that same issue with
regards to getting adoption of BCP38 for over a decade. :-)

- ferg



> Seth Johnson wrote:
>> They're forcing adoption -- while folks have not been addressing this
>> piece of the inter-governmental frame.  :-)
>>
>>
>> On Tue, Apr 15, 2014 at 12:35 PM, Miles Fidelman
>> <mfidelman@meetinghouse.net <mailto:mfidelman@meetinghouse.net>> wrote:
>>
>>     Dave Crocker wrote:
>>
>>         On 4/14/2014 6:45 PM, Brian E Carpenter wrote:
>>
>>             I thought that standard operating procedure in the IT
>> industry
>>             was: if you roll something out and it causes serious
>>             breakage to
>>             some of your users, you roll it back as soon as possible.
>>
>>             Why hasn't Yahoo rolled back its 'reject' policy by now?
>>
>>
>>
>>         As the most-recent public statement from Yahoo, this might
>>         have some tidbits in it that are relevant to your question:
>>
>>
>>
>>        
>> http://yahoo.tumblr.com/post/82426971544/an-update-on-our-dmarc-policy-to-protect-our-users
>>
>>
>>
>>     You mean the part where they say:
>>     "We know there are about 30,000 affected email sending services,
>>     but we also know that the change needed to support our new DMARC
>>     policy is important and not terribly  difficult to implement. We
>>     have detailed the changes we are requiring here
>>    
>> <http://yahoomail.tumblr.com/post/82426900353/yahoo-dmarc-policy-change-what-should-senders-do>."
>>
>>
>>     I.e., 'not our problem'
>>
>>     Miles Fidelman
>>
>>
>>     --     In theory, there is no difference between theory and practice.
>>     In practice, there is.   .... Yogi Berra
>>
>>
> 
> 


-- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2