On May 11, 2014, at 12:47 PM, Gabriel Iovino <giov...@people.ops-trust.net> wrote:
> Greetings, > > Last week I was having a conversation with a familiar person on this > mailing list and I was expressing my disappointment with the > negativity towards Yahoo[1] and AOL[2] for "breaking" email. I was > encouraged to share these thoughts on this list. > > I believe email is already broken[3][4][5][6] and DMARC "p=reject" > moves us towards a position where email is "less" broken. Will there > be some bumps[7] along the road? Sure but a few bumps are no reason to > leave email in it's current state. > > I applaud Yahoo and AOL for taking the first few punches and I look > forward to the day when Google and Microsoft follow their lead. > > Thank you for all the hard work you have done to improve the state of > email! > > Gabriel Iovino Dear Gabriel, While email is generally abused, DMARC's intent was to better protect transactional email which Yahoo may put in jeopardy. There will be a forthcoming draft to allow Author-Domains a means to request restrictive policies against normal user email accounts without disrupting very legitimate communications. The draft places the burden of mitigating disruption on those making the requests. Otherwise, it won't be too much longer before even DMARC is ignored when misapplied against user accounts. Yahoo has suffered from a lack of security permitting millions of their users accounts to be compromised. A better approach would not use DMARC, but would federate third-party services they can see their customers employ. The federation of email, much like that of XMPP, would be an effective means to exclude bad actors without breaking mailing-list and other third-party email services. As it is now, it seems Yahoo only protects their own mailing-list operations which really does not warrant a basis for applauding such efforts. Regards, Douglas Otis _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc