On Thursday, April 16, 2015 4:11 PM [GMT+1=CET], Scott Kitterman wrote: > I will probably regret this, but since people are throwing around > things like Pareto to argue in favor or against specific solution > areas, I thought it might be useful to take a step back and look at > what might make a solution (or set > of solutions) useful to pursue. > > For indirect mail flows like mailing lists, there are three actors > involved: > > 1. Originator > 2. Mediator > 3. Receiver > > For the purposes of this discussion I'll further categorize the > entities involved as big and small (yes, it's way more complex than > that, but I think that's sufficient). > > That leads to six combinations: Originator/Big, Originator/Small, > Mediator/Big, Originator/Small, Receiver/Big, and Receiver/Small. > > There have been solutions proposed that only require changes for one > of the three above, that require changes at two of the above, and > that require > changes at all three.
Nice framework. I'd like to note that it is the presence/existance of actor "Mediator" which induces the DMARC compatibility problems with indirect flows. I.e., if you supress the Mediator, all is fine and dandy. That fact should at leat put some pressure on Mediator regarding the searching for a solution, and should induce Mediator to acknowledge that he will have to assume certain costs for such a solution. I see Originator already assuming costs: deploying SPF in DNS and keeping it current, deploying DKIM records and DKIM-signing outgoing email, deploying DMARC records and being vigilant regarding Header-From alignment in his outgoing email, etc. And I see Receiver already assuming costs: setting up systems to check SPF, DKIM and DMARC for incoming email, dealing with the support costs of false positives and phised users, sending out DMARC reports, etc. What costs are Mediators currently taking to improve validation/authentication of the email system as a whole? Regards, J.Gomez _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc