On Wed, Mar 12, 2014 at 2:19 PM, J. Gomez <[email protected]> wrote:
> DMARC has a prominent failure case with mailing lists; also, such failure > cases are not readily obvious to prospect would-be DMARC adopters as > Senders. SPF does not have those problems. That's false. SPF and DKIM both have problems with mailing lists and/or forwarding, depending on how the relevant software is configured to behave. These issues have existed for many years and are well documented. DMARC, which is in effect a layer atop those, is not introducing anything new here. Therefore, DMARC is much more hairy to properly implement as a receiver > that SPF. If you don't want to acknowledge that, but prefer to misrepresent > my position and to posit it as ridiculous or inconsistent, then I feel very > much dismayed. > Your premise is false, thus your conclusion is unsupported. That has nothing at all to do with what I do or do not want to acknowledge; your facts are simply in error. I don't believe I'm misrepresenting your position, but I am trying to reveal flaws in your arguments from the perspective of someone reading them (and who has been down this road before). If I have misunderstood or you believe my facts are wrong, you are certainly welcome to try to set us all straight (preferably with evidence rather than opinion). Thus far, however, all I can see are repeated claims that either don't appear to be backed by reality or are contradicted by other things you've said. For the sake of being complete: The equivalent to your "l=" idea was proposed during the development of several of DMARC's antecedents, including DKIM and ADSP and probably others. The counter-argument has always been the same: Such a flag, if set, weakens the meaning of a "reject" policy to the point of absurdity: An attacker simply makes any post look like it came in via a list (for which there is no deterministic identification algorithm in the first place), and the mail won't certainly be rejected as it ought to be. One might argue that "p=reject l=true" is equivalent to "p=quarantine", which we already have. Either way, this is plainly a showstopper for your suggestion. I don't see anything in your original suggestion or this re-statement that defeats this counter-argument. This is why several people, not just me, challenged your suggestion when you made it. > Please explain why that is a more important consideration than the > > number of users being protected. > > Please, explain why the internally-agreed-upon practices of the > oligopolistic big four mailbox providers need to be sanctioned as an > Internet-wide official standard disregarding the operational problems such > an standard in its current formulation would bring to the smaller players > in the email arena. > There are several fallacies in here as well, not to mention a wandering off into the irrelevant. In fact there appear to be so many logical inconsistencies and previously refuted points in your claims and conclusions that, as you so aptly put it, I give up. -MSK
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
