On Thursday, April 10, 2014 5:48 PM, Pierre-Alain Dupont wrote: > I am really wondering as to what is your aim here.
understanding dmarc's aim is much easier if u study the way it came into being. in short, dmarc is evolution of practice of reporting on phishing attacks big mailbox providers [yahoo, google] intercepted, on behalf of big email senders [facebook, paypal]. considering such two-way reporting helped big email senders, as well as mailbox providers, fight against phishing, they decided it's a good idea to standardise the entire protocol they devised for this purpose. however, while it was great for such a narrow playfield, in which none used forwarding, mailing lists, or anything of sort, it's rly bad for internet in wide, where all these practices r not only common, but natural, as clearly defined by their rfcs. the trouble is that, beyond fixing obvious problems with current dmarc protocol, ppl working on standardising this protocol don't rly imagine changing dmarc enough to account for all natures of internet emailing as seen today. instead, their tendency is to suggest fixes in those natures instead. i will agree with anyone who thinks such policy is inherently broken. it is, without talking too much, simple common sense to build new things while accounting for all old practices evolved thus far in the same domain. otherwise, what u r doing is introducing conflict, and when u do that, u need a strongly better reason than just domain-based email authentication and reporting. so, while phishing is a problem, dmarc will not solve it the way it's proposed today. dmarc will need to change greatly before domain owners start using p=reject widely. and its authors need to open up and start accepting new ideas. otherwise, all this effort won't mean much to anyone, but engineering teams in big email senders and big mailbox providers. and world isn't so small, and, i hope, will never be. -- Vlatko Salaj aka goodone http://goodone.tk _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
