Hi Doug,
At 14:32 22-05-2014, Douglas Otis wrote:
> The goal of federated services is to prevent inclusion of unknown
> servers. It does not in itself exclude bad stuff. When bad stuff
> is noted, federation enables blocking future exchanges. Direct
> tweets are possible, although messaging constrained to 140
> characters is difficult to take seriously since it is nearly
> impossible to know whether a tweet is being auto-generated. Much of
> it is. The way this would relate to DMARC is in the handling of
> non-aligned messages. When sources are identified, and feedback is
> generated for all known exceptions, it should not be difficult to
> then invert "block" logic into "accept" logic.

The question I asked was: is federation effective in excluding bad
stuff? The reason I asked that question is to be able to form an
opinion about the idea of an email federation. The above explains
that the email federation is about preventing the inclusion of
unknown servers. That does not help me in forming an opinion about
the idea (see the question I asked). I used Twitter as an example of
a closed system. The argument was that bad stuff can happen in a
system in which the owner has full control.

> Imagine your domain supporting millions of users had their accounts
> exposed along with their address-books. This can easily get ugly in
> respect to the harm this would allow.

I read that "information security and customer data protection are of
paramount importance". My interpretation of that is that the
importance is ranked higher than money. My interpretation would be
incorrect if my domain had millions of accounts exposed. Someone
might also point me to http://www.dilbert.com/strips/comic/2014-05-19/

> I supported a system that reported on _all_ identified bad IPv4
> addresses. To do this, it required careful exclusion of those
> randomly assigned addresses. We would then apply about 15 million
> updates every 5 minutes for the entire IPv4 address space
> orchestrated by two redundant servers. This information then
> supported several very large ISPs. The larger ISPs wanted to do
> zone transfers, but a DMARC exception rate for an Author Domain will
> be several orders of magnitude lower in scale. I'll admit this was
> all done using C code that avoided SQL or Hadoop. Judy is your friend. :^).

I'll make this a little complicated for you. Could that system also
be used for IPv6 addresses?
Regards,
S. Moonesamy
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc