On Mon, 10 Apr 2023, Alessandro Vesely wrote:
On Sat 08/Apr/2023 15:59:30 +0200 John Levine wrote:
It appears that Eric D. Williams <e...@infobro.com> said:
-=-=-=-=-=-
I think the reliance upon list operators is properly placed on that role.
It's not a DMARC problem, it's a DKIM problem, I think.
No, it's a DMARC problem. DKIM didn't cause any problems for mailing lists
(ignoring ill-advised and never used ADSP) until DMARC was layered on top
of it, and AOL and Yahoo abused it to foist the support costs on the rest
of the world after they let crooks steal their users' address books.
That's how it happened. Can we now accept their push? After so many email
addresses became public, how about accepting that email addresses being
public doesn't have to imply that anyone can impersonate them?
No, that's not what happened. People had been faking AOL and Yahoo
addresses forever and the providers dealt with it. The problem was that
spammers used the stolen address books to send spam from the addresses of
people the recipients knew, and they were flooded with complaints "why are
my friends spamming me." It's entirely the fault of those providers'
poor security.
Re impersonating, until DMARC can tell the difference between
impersonation and the kinds of ordinary forwarding we've been doing since
the 1980s, nope.
R's,
John
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
