On April 15, 2023 8:17:41 PM UTC, John R Levine <[email protected]> wrote:
>> I'm assuming that the "long list of stinky possible workarounds" are the
>> existing "whatever" mitigations, and rewriting seems to be acceptable enough
>> as a mitigation to convince large [enterprise] mail systems to move forward
>> with restrictive policies. ...
>
>I think you are greatly overestimating the connection between cause and effect
>here. The people setting the policies have no idea what effect they have on
>their users, and to the degree they do, they do not care. IETFers at large
>organizations who support their IETF work, and that have p=reject, tell me
>they've told the IT departments that the policy is making it hard for them to
>get their work done and the response is either "duh?" or "not our problem."
>
>> I intentionally published > "p=quarantine pct=0" specifically to find the
>> MLMs that implemented no mitigations, weighed that against what I knew about
>> which receivers enforced non-mitigated mail, and then made a judgment call
>> to move forward.
>
>It sure would be nice if people at other organizations were as concerned about
>the quality of mail service to their users. But noooooo.
>
>> I believe Wei suggested that we need to find a better "whatever" (in the
>> form of an alternative to SPF and DKIM that works with mailing lists) ...
>
>I would like a pony, too. But ARC is as good as we have now and after a
>decade of beating our heads against the wall, I don't think we're going to
>find anything better. I've suggested a bunch of things that would make lists'
>life better, and nobody is interested:
>
Agreed.
If someone has a great idea for a third way in email authentication, they
should develop the idea, get some deployment experience, and then document the
protocol. After that would come the question of adding it to DMARC. This is
not the working group to do that work.
Scott K
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
