On 07/22/2018 02:03 PM, John Levine wrote:
No, it was specified in full knowledge that it would break pretty much
every mailing list on the planet if used on domains with human users,
instead of its intended target of notices from robot domains like
paypal.com.
I choose to believe the mailing lists were behaving improperly.
To me, DMARC (including SPF and DKIM) is a method to determine if a
message is coming from the original source (or authorized delegate).
Where email is a combination of the message data and SMTP transaction
delivering said message.
That's why we have ARC, once AOL and Yahoo abused it to solve the problem
they created when they let crooks steal their users' address books.
I assume you are referring to "DMARC" when you say "…abused /it/ to solve…".
I feel like AOL's and Yahoo's actions are just additional gas on the
fire that has been burning for a long time. The problem of bad actors
spoofing message senders exists independently of AOL and Yahoo. Did
their (in)actions make the problem worse, probably. Did they cause the
problem? No. Did they exceed critical mass? I don't think so. Rather
I think it was past the critical mass long before AOL and Yahoo fueled
the fire.
--
Grant. . . .
unix || die
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
