On Sat, Nov 12, 2022 at 7:32 AM Roland Turner <roland= 40rolandturner....@dmarc.ietf.org> wrote:
> On 11/11/22 23:09, Murray S. Kucherawy wrote: > > More concerning to me: The IETF has previously taken the position that the > market will figure out spam and phishing, and therefore consideration of > protocol solutions should be deflected. DMARC was the result. I feel > that we leave this to the market, and that industry, at our own peril. I > think we should give this a serious look before rejecting it outright. > > Are you able to state concisely why DMARC was a harmful outcome, assuming > that's your intended meaning ("peril")? From my admittedly somewhat > bystanderish perspective, DMARC looked like a great success, particularly > after IETF repeatedly failing for more than a decade[1]. > If you are an entity that uses direct mail flows as a large part of your regular operation, you're probably happy with DMARC. If you're the IETF or anyone else that makes prominent use of indirect flows, you got burned by DMARC. It doesn't take much looking around to see the side effects and workarounds people have had to deploy to continue to operate in a DMARC world. Balance those two against each other and, at least as a standards person, I lean squarely into a negative opinion. I think it's reasonable to consider a standard to have been successful when its deployment improves an area without also damaging it. DMARC doesn't qualify. The whole reason the DMARC working group was chartered is to make an attempt to address the damage caused by the improper rollout of DMARC into mail flows where it breaks far more than it fixes. -MSK
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim