On 5/11/2015 10:33 PM, Scott Kitterman wrote:
On Tuesday, May 12, 2015 11:17:08 AM Stephen J. Turnbull wrote:
Scott Kitterman writes:
> Actually, the idea behind MARID was to come up with a single
> solution
Is there something we can learn from MARID? I don't see it in the
context of the current discussion, as MARID had little to say about
third parties (it treated them as first parties, and handled third
party issues by suggesting "certification registries"), and explicitly
disclaimed authentication of authorship claims.
I think the situation is different enough in many respects that there's not
much to learn from it today. I mostly responded because I think that if
people do discuss history, they ought to be accurate about it.
You should be careful of accusing me of being inaccurate. I said
nothing inaccurate about MARID and the history of SPF.
My point is very simple and its a fact. You should be very lucky that
many folks like myself and others argued for SPF even though there
were much DNS concerns and that included concerns how the larger mail
providers can resolve IP transition problems and their inability to
use strong policies that can offer a big payoff in results. Still to
this day, most, if not all of the ESP domains, can not use a -ALL policy.
If there's a lesson to be learned it's that the complete lack of existence of
those certification registries ought to perhaps give pause to those arguing for
similar things now. For SPF there was a service for some time called trusted-
forwarder.org, but it never really got much traction.
Most people didn't want centralization (yet)-- this was one of the
outcomes from MARID.
For the record, I am not advocating a centralized lookup.
The reasons MARID was terminated with no output (none of the SPF and Sender-ID
RFCs were working group products, they were done independently after the
working group was closed and both were different in important respects than
what MARID was working towards) were, IMO, entirely non-technical.
There were plenty of outcomes from MARID and the direction to complete
the RFCs were among them. SUBMITTER was the first to be completed
with the first RFC#, the 4405 to 4408 series of MARID generated RFC
results.
For the public record, I was pointing SPF did indeed and still does
have a registration problem the big domains still have. None of them
can use a -ALL and if they did, we can expect they will begin to get
many false positives. SPF has a higher overhead than DMARC+ATPS
would have. SPF has INCLUDE statements which is functionally
equivalent to a registration concept when it uses this as a means to
include authorized mail senders.
--
HLS
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
