On 04/25/2015 11:50 AM, J. Gomez wrote:
On Thursday, April 16, 2015 4:11 PM [GMT+1=CET], Scott Kitterman wrote:
I will probably regret this, but since people are throwing around
things like Pareto to argue in favor or against specific solution
areas, I thought it might be useful to take a step back and look at
what might make a solution (or set
of solutions) useful to pursue.
For indirect mail flows like mailing lists, there are three actors
involved:
1. Originator
2. Mediator
3. Receiver
For the purposes of this discussion I'll further categorize the
entities involved as big and small (yes, it's way more complex than
that, but I think that's sufficient).
That leads to six combinations: Originator/Big, Originator/Small,
Mediator/Big, Originator/Small, Receiver/Big, and Receiver/Small.
There have been solutions proposed that only require changes for one
of the three above, that require changes at two of the above, and
that require
changes at all three.
Nice framework.
I'd like to note that it is the presence/existance of actor "Mediator" which
induces the DMARC compatibility problems with indirect flows.
I.e., if you supress the Mediator, all is fine and dandy. That fact should at
leat put some pressure on Mediator regarding the searching for a solution, and
should induce Mediator to acknowledge that he will have to assume certain costs
for such a solution.
I see Originator already assuming costs: deploying SPF in DNS and keeping it
current, deploying DKIM records and DKIM-signing outgoing email, deploying
DMARC records and being vigilant regarding Header-From alignment in his
outgoing email, etc.
And I see Receiver already assuming costs: setting up systems to check SPF,
DKIM and DMARC for incoming email, dealing with the support costs of false
positives and phised users, sending out DMARC reports, etc.
What costs are Mediators currently taking to improve validation/authentication
of the email system as a whole?
and what benefits do they get in return?
/rolf
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
