Jim Popovitch writes:

> Bingo! The dmarc folks (many of whom are IETF participants) ignored
> and performed an end-run around the standards process.

Not really. The basic protocols (SPF and DKIM) are RFCs, and that's really what the IETF process is for. What people (including bloated corporate people) choose to do with those protocols is really outside of the RFC process, just as use of SMTP to spam (under your own From, spoofing does violate the RFC :-) is outside of the RFC process.

That doesn't make what Yahoo! did "right", but as much as I disagree with DMARC's basic philosophy, I don't really think DMARC is a subject for the RFC process. I just think it's a problem from the point of view of maintaining the integrity of the Internet.

> Dmarc designers choose to ignore these well defined RFC email
> headers and, independently of any standards process, choose to
> focus solely on the From header.

They do have a point. Some users are extremely susceptible to fraud. Believe it or not, in Japan there's a species of fraud where criminals call more or less random phone numbers, identify themselves as the victim's child or spouse with "It's me. It's me!" and continue by requesting money to get themselves out of some kind of jam. The victim takes cash to the specified meeting place, only to find that the jam got worse and so a friend was sent to pick up the money. This actually works to the tune of 15,000 victims and $200 million in a bad year. That's the model that DMARC has of Internet users, so it's natural that they would focus on From.

> After all, RFC 5322 is only 8 years old, not the decades that the
> dmarc folks would like people to think.

I haven't got that impression. I think they know what they're doing and have been quite forthright about it. They just are willing to hurt lots of people, break working mechanisms, and in the process undermine Internet governance, to reduce spam and phishing (which also hurt lots of people and break working mechanisms).

I'm not sure what the top people at Yahoo! are thinking, though. Conspiracy theories may well be in order there.
I suspect they're thinking the same kind of thoughts that caused Microsoft to think that breaking backward compatibility with Office '97 or so was a good idea. I hope they pay a similar price.

Steve