On Sat, Nov 12, 2022 at 7:32 AM Roland Turner <roland=
40rolandturner....@dmarc.ietf.org> wrote:
> On 11/11/22 23:09, Murray S. Kucherawy wrote:
>
> More concerning to me: The IETF has previously taken the position that the
> market will figure out spam and phishing, and therefore consideration of
> protocol solutions should be deflected. DMARC was the result. I feel
> that we leave this to the market, and that industry, at our own peril. I
> think we should give this a serious look before rejecting it outright.
>
> Are you able to state concisely why DMARC was a harmful outcome, assuming
> that's your intended meaning ("peril")? From my admittedly somewhat
> bystanderish perspective, DMARC looked like a great success, particularly
> after IETF repeatedly failing for more than a decade[1].
>
If you are an entity that uses direct mail flows as a large part of your
regular operation, you're probably happy with DMARC.
If you're the IETF or anyone else that makes prominent use of indirect
flows, you got burned by DMARC. It doesn't take much looking around to see
the side effects and workarounds people have had to deploy to continue to
operate in a DMARC world.
Balance those two against each other and, at least as a standards person, I
lean squarely into a negative opinion. I think it's reasonable to consider
a standard to have been successful when its deployment improves an area
without also damaging it. DMARC doesn't qualify. The whole reason the
DMARC working group was chartered is to make an attempt to address the
damage caused by the improper rollout of DMARC into mail flows where it
breaks far more than it fixes.
-MSK
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
