On Friday, April 18, 2014 10:44 AM, Murray S. Kucherawy <[email protected]> wrote:
> So you don't want the authentication enforcement, only the reports?

no, i do want authentication enforcement. i do not want alignment enforcement. i want parsing of both SPF and DKIM in AND-based logic and i want it standardized, and standardized rejection based on failure of such parsing, and standardized reporting, and standardized introduction in anti-spam filters.

hint: "standardized" is the point here. if that, somehow, isn't obvious.

> Isn't that what "p=none" does?

nope. "p=none" simply excludes my email from DMARC completely. i do get reporting, but i don't get standardized parsing, or standardized rejection on failure, or standardized anti-spam filtering introduction, or whatever else builds on DMARC in the future.

> So you're saying both need to pass (in the AND case), but it doesn't
> matter which domains they validated?
> Again, that means I can send any mail I want as your domain and that
> would pass DMARC, and I'm not clear about why you want that.

cause u r not fixing alignment problems u introduced in DMARC, and i have no other choice but to disregard alignment completely, yet i also don't care about possible phishing that much, cause either my domain doesn't get phished much or SPF/DKIM/anti-spam filtering on receivers' side works well in such cases, which brings me back to alignment again and how i don't care about alignment or how u don't want to fix it, so i decide i'll just turn it off, instead of bickering on DMARC mailing list about fixing the alignment problem, which u don't want to fix, cause u keep saying it's a feature. and came the time when google started defending problems as features.

however, as i said, DMARC is way more than just alignment, and i do care about those other things, especially if there's AND-logic in the standard.

10 goto _top

> Right, that's the third-party case discussed above.
> There are a bunch of limitations, assuming this is something that's
> actually in enough demand to add.

and what does "enough demand to add" mean? who decides about what's enough, in this, ad hoc something which isn't even an ietf approved wg?

> For starters: (1) sticking the list in a DNS TXT field will not scale
> (suppose you want to authorize a thousand third parties), and

i just love how u r gonna authorize a 1000 3rd parties with DKIM-key sharing, instead. nice discussion we have here. maybe next time i can make ridiculous contra argument like this on some of ur new ideas, just to be fair.

> (2) you have to keep the list current, which will need automation and
> security around it as users seek to add entries (by subscribing to lists,
> for example).

i guess u r intentionally missing the point here. i have no other idea why it is so hard to read when i write "small players", few domains, or whatever else i wrote while trying to paint this "small" picture for everybody here.

so, it's not 1000 domains, 4000 IPs, 50000 servers. it would be, on average, imo, 2 domains [for those who actually use the setting, which is already a special case, not a common practice].

> Of course, since DMARC is about keeping control over that,
> maybe it's an expected scaling problem, but it's still something that
> needs to be handled.

which isn't enough of a reason against.

>>> I totally agree there, especially since Sender-ID got almost no adoption
>>> (see RFC 6686), and that seems unlikely to change now.

>> it would change quite fast if we would make it part of DMARC.

> What would be the value in doing so?

alignment-pass in various special cases i'm trying to cover here with my proposals, which currently have alignment-fail status. if Sender-ID was part of DMARC, my "goodone.tk email stream coming from yahoo mail use case" would be solved instantly. it would also cover mailing lists, and whatnot, just because of benefits Sender-ID has over SPF.
so, if Sender-ID was a part of DMARC-underlying mechanisms, i would drop all my proposals, cause my troubling case scenarios would be solved, as well as many others.

> The fact that in several years nobody adopted Sender-ID
> speaks pretty loudly to me.

this is like saying that there r no business politics in protocol world. right. it's pretty obvious Sender-ID was a collateral victim of general displeasure with Microsoft's business model. who knows, we may soon see the same happening to Google too... if it hasn't started already.

> It seems to me more like you're talking about a way to extend specific
> other domains to be allowed to send mail as your domain and still pass.
> SPF and DKIM already have mechanisms to do that, not to mention
> experimental extensions like ATPS.

DMARC's alignment problem isn't SPF's or DKIM's problem. and if u r suggesting i should use DKIM extensions, which r rarely supported, or other tools, to fix problems DMARC introduces, then i'll just quit this mailing list, and ignore the entire protocol, cause it's broken and u r telling me u don't want to fix it.

ps. i hope nobody felt threatened by my somewhat ironical tone in this message.

-- 
Vlatko Salaj aka goodone
http://goodone.tk
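
The two pass rules argued over in this message, side by side, as an added example that is not part of the original e-mail or of any DMARC implementation. It assumes a simplified relaxed alignment (last two DNS labels instead of a Public Suffix List lookup), models the "AND, no alignment" rule only as it is described in the thread, and uses constructed authentication results; `unrelated.example` and `list.example` are placeholder domains.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthResult:
    from_domain: str   # domain in the RFC5322.From header
    spf_pass: bool
    spf_domain: str    # RFC5321.MailFrom domain that SPF evaluated
    dkim_pass: bool
    dkim_domain: str   # d= value of the validated DKIM signature

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels.
    # A real receiver consults the Public Suffix List here.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str) -> bool:
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_pass(r: AuthResult) -> bool:
    # DMARC as specified: SPF or DKIM must pass AND be aligned with From.
    spf_ok = r.spf_pass and aligned(r.spf_domain, r.from_domain)
    dkim_ok = r.dkim_pass and aligned(r.dkim_domain, r.from_domain)
    return spf_ok or dkim_ok

def and_no_alignment_pass(r: AuthResult) -> bool:
    # Rule proposed in the thread: both must pass, domains are not compared.
    return r.spf_pass and r.dkim_pass

# Constructed results, all claiming From: goodone.tk
SAMPLES = {
    "own_server":        AuthResult("goodone.tk", True, "goodone.tk", True, "goodone.tk"),
    "via_yahoo":         AuthResult("goodone.tk", True, "yahoo.com", True, "yahoo.com"),
    "unrelated_sender":  AuthResult("goodone.tk", True, "unrelated.example", True, "unrelated.example"),
    "dkim_only_aligned": AuthResult("goodone.tk", False, "list.example", True, "goodone.tk"),
}

def compare() -> dict:
    # name -> (passes DMARC, passes AND-without-alignment)
    return {n: (dmarc_pass(r), and_no_alignment_pass(r)) for n, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, (dmarc, and_rule) in compare().items():
        print(f"{name:18} dmarc={dmarc!s:5} and_no_alignment={and_rule}")
```

The `via_yahoo` and `unrelated_sender` rows come out identical under the proposed rule, which is the concern raised in the quoted reply; the `dkim_only_aligned` row shows the opposite trade-off, where an aligned DKIM signature alone satisfies DMARC but not the AND rule.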
