On May 10, 2015 11:55:22 AM EDT, "Stephen J. Turnbull" <[email protected]> wrote: >Scott Kitterman writes: > > > Yahoo, for example, already consider the impact of this and other > > breakage to be less than the benefit of p=reject. > >True, but the benefit of p=reject is huge: Yahoo! claims malicious >mailflows of more than a million messages per minute disappeared like >magic when they published p=reject. Such a flow surely stressed their >systems, and I'm sure they consider the potential for high losses due >to contact-list-based phishing to be important, if only for the damage >to their reputation that would ensue. > > > I expect their willingness to invest engineering resources in > > further reducing a level of breakage they've already determined is > > acceptable will be limited. > >Of course it's limited. But the only cap I can be sure of is the >difference between benefit of p=reject (see above) and cost (1 day of >manager-admin meetings to decide to do it, and 15 seconds of admin >time to change the DNS record, ie, basically zero). I believe that >difference to be orders of magnitude larger than the cost of >implementing a dozen delegation protocols, and therefore irrelevant. > >What matters is the benefit that the p=reject domains perceive to >improving service to their mailbox users. I have no information about >that. Of course I suspect that the value to them of such improvements >is close to nil, but until they actually say that, I'm going to hope. > >If you have better information about how much they value such >improvements, I'd love to hear about it. But I rather doubt you do; >the techs surely don't have the authority to say they will do it, and >at best a guess of what they need to offer management to get >permission, and management won't discuss the value of a bird in the >bush (not if they have half a brain amongst them, anyway).
I don't have any particular insight. I do think that the group ought to be paying close attention to those who do. As I attempted to communicate in my assessment framework proposal, whatever solution the group coalesces around has to be workable for entities from the largest to the smallest. I think we have three outcomes: 1. We develop something that's broadly deployable 2. Single actor approaches such as from rewriting dominate the solution space 3. Mediated mail communication becomes rare Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
