On Saturday, April 25, 2015 12:24 PM [GMT+1=CET], Rolf E. Sonneveld wrote: > On 04/25/2015 11:50 AM, J. Gomez wrote: > > On Thursday, April 16, 2015 4:11 PM [GMT+1=CET], Scott Kitterman > > wrote: > > > > > I will probably regret this, but since people are throwing around > > > things like Pareto to argue in favor or against specific solution > > > areas, I thought it might be useful to take a step back and look > > > at what might make a solution (or set > > > of solutions) useful to pursue. > > > > > > For indirect mail flows like mailing lists, there are three actors > > > involved: > > > > > > 1. Originator > > > 2. Mediator > > > 3. Receiver > > > > > > For the purposes of this discussion I'll further categorize the > > > entities involved as big and small (yes, it's way more complex > > > than that, but I think that's sufficient). > > > > > > That leads to six combinations: Originator/Big, Originator/Small, > > > Mediator/Big, Originator/Small, Receiver/Big, and Receiver/Small. > > > > > > There have been solutions proposed that only require changes for > > > one of the three above, that require changes at two of the above, > > > and that require > > > changes at all three. > > Nice framework. > > > > I'd like to note that it is the presence/existance of actor > > "Mediator" which induces the DMARC compatibility problems with > > indirect flows. > > > > I.e., if you supress the Mediator, all is fine and dandy. That fact > > should at leat put some pressure on Mediator regarding the > > searching for a solution, and should induce Mediator to acknowledge > > that he will have to assume certain costs for such a solution. > > > > I see Originator already assuming costs: deploying SPF in DNS and > > keeping it current, deploying DKIM records and DKIM-signing > > outgoing email, deploying DMARC records and being vigilant > > regarding Header-From alignment in his outgoing email, etc. > > > > And I see Receiver already assuming costs: setting up systems to > > check SPF, DKIM and DMARC for incoming email, dealing with the > > support costs of false positives and phised users, sending out > > DMARC reports, etc. > > > > What costs are Mediators currently taking to improve > > validation/authentication of the email system as a whole? > > and what benefits do they get in return?
The benefit to Mediators is that they will avoid becoming an obsolete artifact of the past, like open SMTP relays. Regards, J.Gomez _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
