On 04/09/2015 04:51 PM, MH Michael Hammer (5304) wrote:
-----Original Message-----
From: dmarc [mailto:[email protected]] On Behalf Of Rolf E.
Sonneveld
Sent: Thursday, April 09, 2015 10:17 AM
To: Anne Bennett; [email protected]
Subject: Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft
On 04/09/2015 03:24 PM, Anne Bennett wrote:
Hector Santos <[email protected]> writes:
A database is still needed of which domains will have an outbound
mail stream with two signatures. Somehow the list domains will
still need to register with the Yahoos and tell the Yahoos,
"Please send us two signatures authorizing our list domain." I
would like to call this a "registration" problem because that seems
to be the area of disagreement as a real problem.
I have to agree; if this is the case, to me, it is a show-stopper.
The genius of the DKIM and SPF and DMARC approaches is that they are
DNS-based, and thus completely decentralized. The idea that lists
would have to register with the e-mail providers of all of their
contributors, or that I as a (very small!) e-mail provider would have
to figure out what is and isn't a list, doesn't scale.
This can be solved by having the owners of mailing lists publish a
yet-to-be-defined DNS record in which they proclaim the presence of a mailing list
within that domain. I'm contemplating writing a draft for this, as more than
one of the suggested solutions to the mailing list problem might benefit
from this.
How does this solve anything?
At least it could help in discovering what domains potentially house a
mailing list. Whether to trust this assertion is something different. I
can imagine ESPs could combine this information with information they
already have about mailing lists (Yahoo once claimed there were only
30,000 of them, so one way or another they already had some list of
mailing lists?).
What prevents non-owners of mailing lists proclaiming the presence of a mailing list
within "that" domain? What prevents malicious individuals setting up a mailing
list and proclaiming it?
Nothing at all. But the same holds true for registering with the e-mail
providers. Actually, publishing a DNS record might be seen as a
submission for registration with the sender. The sending domain still
determines whether to accept that registration (and use @fs=domain) or not.
Having said that, I don't like the idea of designing all sorts of auxiliary
technologies to solve the problems introduced by DMARC, or better said: if
we'd come up with such helper technologies we should try to address as
many use cases, presented in [1], as possible. If we do not, at the end of
the day we'll have created a myriad of new technologies, considerably
increased the complexity of the e-mail ecosystem worldwide with a net
result of zero as long as senders still treat p=reject as p=none/quarantine.
You will never avoid "local policy" - that is reality. As an aside, don't you mean
"as long as VALIDATORS still treat p=reject as p=none/quarantine"?
Yes, sorry, you're right: that should be 'validators'.
/rolf
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc