On 14/11/22 20:34, Murray S. Kucherawy wrote:
On Sat, Nov 12, 2022 at 7:32 AM Roland Turner
<roland=40rolandturner....@dmarc.ietf.org> wrote:
On 11/11/22 23:09, Murray S. Kucherawy wrote:
More concerning to me: The IETF has previously taken the position
that the market will figure out spam and phishing, and therefore
consideration of protocol solutions should be deflected. DMARC
was the result. I feel that we leave this to the market, and
that industry, at our own peril. I think we should give this a
serious look before rejecting it outright.
Are you able to state concisely why DMARC was a harmful outcome,
assuming that's your intended meaning ("peril")? From my
admittedly somewhat bystanderish perspective, DMARC looked like a
great success, particularly after IETF repeatedly failing for more
than a decade[1].
If you are an entity that uses direct mail flows as a large part of
your regular operation, you're probably happy with DMARC.
If you're the IETF or anyone else that makes prominent use of indirect
flows, you got burned by DMARC. It doesn't take much looking around
to see the side effects and workarounds people have had to deploy to
continue to operate in a DMARC world.
Balance those two against each other and, at least as a standards
person, I lean squarely into a negative opinion. I think it's
reasonable to consider a standard to have been successful when its
deployment improves an area without also damaging it. DMARC doesn't
qualify. The whole reason the DMARC working group was chartered is to
make an attempt to address the damage caused by the improper rollout
of DMARC into mail flows where it breaks far more than it fixes.
Thanks for clarifying and, yes, I see your point.
We may have to disagree on the acceptability of harm at all, or on the
level of harm (my perception is that IETF spent more than a decade
failing pretty exhaustively on finding harm-free solutions before DMARC
was introduced) but I suspect we can at least agree that harm-free
solutions should be adopted wherever possible in preference to narrow
action by a smaller group of practitioners; that the latter should be a
last resort rather than a first resort.
- Roland
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
