On Sat, Apr 15, 2023 at 1:40 PM Scott Kitterman <skl...@kitterman.com> wrote:
> > > On April 15, 2023 8:17:41 PM UTC, John R Levine <jo...@taugh.com> wrote: > >> I'm assuming that the "long list of stinky possible workarounds" are > the existing "whatever" mitigations, and rewriting seems to be acceptable > enough as a mitigation to convince large [enterprise] mail systems to move > forward with restrictive policies. ... > > > >I think you are greatly overestimating the connection between cause and > effect here. The people setting the policies have no idea what effect they > have on their users, and to the degree they do, they do not care. IETFers > at large organizations who support their IETF work, and that have p=reject, > tell me they've told the IT departments that the policy is making it hard > for them to get their work done and the response is either "duh?" or "not > our problem." > > > >> I intentionally published > "p=quarantine pct=0" specifically to find > the MLMs that implemented no mitigations, weighed that against what I knew > about which receivers enforced non-mitigated mail, and then made a judgment > call to move forward. > > > >It sure would be nice if people at other organizations were as concerned > about the quality of mail service to their users. But noooooo. > > > >> I believe Wei suggested that we need to find a better "whatever" (in > the form of an alternative to SPF and DKIM that works with mailing lists) > ... > > > >I would like a pony, too. But ARC is as good as we have now and after a > decade of beating our heads against the wall, I don't think we're going to > find anything better. I've suggested a bunch of things that would make > lists' life better, and nobody is interested: > > > > Agreed. > > If someone has a great idea for a third way in email authentication, they > should develop the idea, get some deployment experience, and then document > the protocol. After that would come the question of adding it to DMARC. > This is not the working group to do that work. > Agreed such a proposal shouldn't be worked on in DMARC. Also agreed that it's a good idea to get deployment experience. That said, I think there is a lot of value in getting early IETF feedback in some other forum/mailing-list to help review the potential proposals. -Wei > > Scott K > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
