Hello esteemed colleagues, I'm sure we're on the cusp of a future where only "Authenticated Mail of the Fifth Kind" will reign supreme—much like the exclusive club of Submission Protocol requiring ESMTP AUTH on the ultra-special port 587. And surely, the ever-trusted port 25 will forever stand as a beacon of hope, right? Because how could we possibly survive without unsolicited, unauthenticated messages?
Perhaps, just perhaps, in this utopian future, every sender will be upstanding citizens with impeccable SPF and DKIM policies. But of course, if any domain dares to relax these stringent policies, the noble and always compliant receivers will swoop in to defend the realm. And heaven forbid the receivers falter, for the all-seeing MAEA "Mail Authentication Enforcement Agency" is ever watchful, ready to unleash a fine. And maybe, just maybe, we'll live in a world where the almighty MAEA gets to play tax collector, ensuring every sender pays their dues. Ah, but not the Fidonet and QWK loyalists! They'll be cruising without a care, exempt from the MAEA's grasp. All in jest, of course, but it's food for thought! Best regards, Hector Santos > On Sep 16, 2023, at 11:18 PM, Barry Leiba <barryle...@computer.org> wrote: > > I believe, with you, that there's likely to be a time when > unauthenticated mail simply will not be delivered by most receiving > domains. I similarly believe (as the owner of a Tesla) that there > will be a time when cars will be self-driving in the vast majority, > and that that will make the roads both safer and more efficient. > > Neither of those situations is here yet, though, and neither is likely > to arrive very soon. Some day, yes. Not yet, and not soon. > > While we can certainly discuss the former -- particularly with a focus > on what needs to happen before that situation can be realised -- we > need to first make sure that we resolve the few remaining issues in > the DMARCbis and reporting documents and get them published. > > Barry > > On Sat, Sep 16, 2023 at 6:56 AM Douglas Foster > <dougfoster.emailstanda...@gmail.com> wrote: >> >> Yes, I suspected awhile back that I was the only one in the world >> implementing mandatory authentication. This group has confirmed it. >> >> But I hold out hope thst others will see the opportunity that it provides. >> Perhaps someone will read my Best Practices draft and sponsor it as an >> individual contribution or experimental draft. >> >> Doug >> >> >> On Fri, Sep 15, 2023, 9:26 AM Barry Leiba <barryle...@computer.org> wrote: >>> >>>> Content filtering creates a need for whitelisting >>>> Any domain may require whitelisting, regardless of sender policy. >>>> Whitelisting is only safe if it is coupled with an authentication >>>> mechanism which prevents impersonation. >>>> Therefore, sender authentication, by a combination of local policy and >>>> sender policy, needs to be defined for all possible messages. >>> >>> The last statement there is where things go off the rails. No, >>> nothing has to work perfectly here, and mechanisms are useful and can >>> well be standardized even when they don't work in "all possible" >>> situations. >>> >>> It's really important that we stop insisting on perfection or nothing, >>> as that's a false dichotomy. What we have now is demonstrably useful >>> as *part of* an overall system. We need to move forward with >>> finishing the document. >>> >>> Barry >> >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
