What is the operational experience with domains that stop at p=quarantine?

On Sun, Apr 9, 2023, 5:28 PM Murray S. Kucherawy <superu...@gmail.com>
wrote:

> On Sun, Apr 9, 2023 at 2:07 PM Douglas Foster <
> dougfoster.emailstanda...@gmail.com> wrote:
>
>> As an evaluator, what I can accept is that "Some intermediaries could be
>> allowed to make some changes to messages, if I have a
>> list of intermediaries that should be allowed, sufficient reason to trust
>> what they propose to do, and a reliable way to identify them."  I do
>> exceptions all the time.  But lists don't want to make special
>> arrangements with evaluators, and don't want to make special arrangements
>> with senders.  Apparently, lists don't even want to do rigorous
>> verification to ensure that a post comes from the purported subscriber.
>> But they do want unrestricted access to evaluators that filter based on simplistic triggers
>> like "p=reject".
>>
>
> I see two issues with this line of thinking:
>
> (1) "I do exceptions all the time" works when you are a relatively small
> operator with a relatively small user base for whom you need to configure
> exceptions.  You can get away with doing those manually.  What size staff
> do you imagine GMail would need to hire to investigate and configure manual
> exceptions on a timely basis for each time one of its billion-plus users
> wants to subscribe to a mailing list?  The notion screams for automation,
> and automation screams for something deterministic or at least close to it
> upon which to base automated decisions.  That last bit is what's missing
> here.
>
> (2) "But lists don't want to make special arrangements with evaluators,
> and don't want to make special arrangements with senders".  They might, if
> there existed a reliable way to do so.  How would you accomplish this in a
> way that prevents an attacker from making you think he's a list, and then
> sending whatever he wants from inside that trust boundary?
>
>> I think evaluators SHOULD NOT block on simplistic rules like p=reject,
>> because a correct p=reject block requires follow-on work to block
>> everything else from that malicious source, and should not be done
>> incorrectly.   They should review, either with pre-quarantine or
>> post-audit, which is what I do.  I have no problem with
>> disposition=quarantine, even for p=none.   I am obligated to protect my
>> users, while also obligated to provide my users the messages they need, not
>> the ones that are technically optimal.  I don't understand why Big Tech and
>> its A.I. tools cannot be deployed to do the best thing.
>>
>
> I'm pretty sure they could, for their own use cases.  But what about the
> operators in between, who aren't Big Tech and don't have AI tools?  A
> standard has to work for everyone.
>
> -MSK, participating
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>