The court system is a poor substitute for prior deterrence or attack disruption. DMARC seems to do both.
The Internet limits the utility of legal remedies because of the difficulty of attribution, a problem which also DMARC helps to solve. Litigation is also hampered by jurisdictional boundaries that create little risk of consequences for the perpetrators of crime. This forum was proposed for upgrading DMARC from informational status to standard status. Instead, it has become a conspiracy to demolish it. The MLM problem will only be :"solved" if DMARC is completely abandoned, so that spoofing is once again uninhibited. Therefore, moving from normal IETF "suggestion" mode to "enforced" mode will be necessary to achieve what MLM proponents want. It is not what I am advocating; quite the reverse. I am advocating for MLMs to stop spoofing and make their peace with DMARC. DF ---------------------------------------- From: Benny Lyne Amorsen <benny+use...@amorsen.dk> Sent: 7/20/20 5:44 AM To: dmarc@ietf.org Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations "Douglas E. Foster" <fost...@bayviewphysicians.com> writes: > Ultimately, this becomes a question of power. Do domain owners have > the right, with the help of their correspondents, to prohibit spoofing > (unauthorized use) of their digital identity? Domain owners are free to use the court system to assert trademark rights and copyright. They are also free to apply whichever seals of digital identity that they want, of course. > Or since they are technically leaseholders, not owners, are their > rights conditional? You seem to be laboring under the impression that domain owners have a right to compel mail recipients to respect a DRM scheme. This is not the case. You can try to sue Google to force them to reject incoming email with your domain in the From: field and no valid DKIM (or whatever) signature, of course, but I have a hard time imagining which right you would assert to make the suit successful. > Specificslly, do Internet insiders have the right to declare their > spoofing control efforts to be based on foolish premises, both > unnecessary and inconvenient, and therefore not allowed? No one, certainly not "Internet insiders" of which I am certainly not one, is stopping you from doing whichever spoofing control efforts you want on your systems. Feel free to keep p=reject on your domains. Many mail servers will keep using that as a signal among many others, rather than as a blanket reject. If you want recipient mail servers to change that policy you can either do it by convincing their administrators or by getting a law passed. So far you appear to favour the latter approach, with your focus on "prohibit" "unauthorized use" and "rights". The IETF is not a lawmaking body, so it appears there are better venues for you. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
