I figure GMail and Yahoo run their own implementation, whereas large ESPs I've
seen do indeed run open-source products on commodity hardware.
FYI: My background includes large-scale WebOps, mail service providers and HPC
engineering. I think I still have a Port25 shirt somewhere, these folks were
rather reasonable, and I think they would not mind adding more security to
their (quite excellent) product.
Um, port25 has nice tee shirts but it isn't open source. You must know
different ESPs than I do if they're running postfix or other open source
stuff. ESPs tend to run port25, large ISPs run Openwave or Momentum, the
largest ISPs as you say roll their own. Medium sized businesses may use
Exim or Postfix, but a lot use nicely packaged stuff like MDaemon.
Because nobody cares to MITM DMARC reports, at least I wouldn't.
We really need a threat model beyond "someone might be spying on me."
If you look at the MITM paper by Durumeric et al., particularly tables 12
and 15, it looks like overall the biggest cause of STARTTLS failures was
corporate firewalls, and beyond that there are some places where it looks
like the ISPs MITM some or all of the mail traffic, notably Tunisia. I
can only guess what they're looking for, but it seems kind of a stretch
to think they'd be looking for reports with XML or JSON attachments.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta