On Friday, June 6, 2014 7:50 PM, Murray S. Kucherawy <[email protected]> wrote:
> PayPal, Bank of America, and Facebook at least have been using it > for a long time, and I'd bet you didn't even notice. i did notice bunch of MTA errors in infrastructure i'm supporting, that previously weren't there, all DMARC errors on legitimate email. >> i would rather say it's a case of "history repeating". how many >> email policy protocols were developed in last 10y? a bunch of them. >> all of them failed. all of them "historic" now. > Which ones, other than ADSP? i'm not a search engine. but one could even argue that SPF, Sender-ID and bunch of DKIM addons were exactly in that group. >> actually, AFAICS, we have three complete solutions for 3rd party support, > To answer Stephen's question, I'm guessing you're referring to ATPS, > use of CNAME to point to an externally-posted key, and a key exchange where > an operator give a third party a signing key. nope, i'm not referring to any of DKIM's 3rd party support. we r in DMARC mailing list. i'm referring to DMARC 3rd party support proposals, all of which have been mentioned many times on this mailing list. > I think the more likely explanation is that the proposals on the table > are much too risky and costly given the benefits. i see no risks with me publishing a DMARC records saying exactly this: do DMARC alignment against yahoo domain too. and i'm sure u can't find any, other than breaching yahoo itself, my account, or my dns records, all of which isn't DMARC's field of protection anyway. be free to make an example, i would really like to see what additional risks and costs u r mentioning. if possible, ofc. >> having it at IETF as an informational RFC speaks volumes on its fate. > The status of the current document has nothing at all to do with the quality > of what's in it, but rather the procedural path it's taking toward > publication. anyone can trust whatever they like. but considering u work for ur DMARC bosses as a document shepard... i'll just consider u biased in evaluating this. nobody interested to fix email would publish such a protocol as independent RFC. more brains, better solutions, more contributions, better standard... there have been many calls to make a working group. but, they don't want a working group, they don't want somebody else taking control, fixing stuff that's broken, cause they would be forced to introduce support for it. why would they care, right? they build it for themselves. very caring, for sure. no wonder major US ICT companies r losing reputation. so many times we make same mistakes... -- Vlatko Salaj aka goodone http://goodone.tk _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
