[Mailman-Developers] Two more DMARC mitigations

Jim Popovitch jimpop at gmail.com
Fri Jun 13 07:21:37 CEST 2014


On Fri, Jun 13, 2014 at 12:39 AM, Stephen J. Turnbull
<stephen at xemacs.org> wrote:
> Jim Popovitch writes:
>
>  > > Do you have specific complaints?
>  >
>  > Yes.  Unless it's not already understood... the original idea
>  > behind DMARC centered around non-human transactional emails
>  > (Banking notifications, Facebook status updates, etc.).
>
> This was understood, and is why I call what Yahoo! and AOL are doing
> "abuse".
>
> But what is wrong with the spec itself, besides the potential for
> abuse?
>
>  > Elizabeth got involved and the spec was morphed (I say bastardized)
>
> What changed that you object to?

One of the original __High-Level Goals__ was:

   DMARC is intended to reduce the success of attackers sending mail
   pretending to be from a domain they do not control, with minimal
   changes to existing mail handling at both senders and receivers.  It
   is particularly intended to protect transactional email, as opposed
   to mail between individuals.


If you go here:
https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/ you can
see the early versions of the spec (under "History") contained the
word "transactional".

Also notice that the "diff from previous" comparisons, esp. between
rev02 and rev01, seem to be missing several instances of the word
"transactional" (i.e. if the word was removed it should still be
visible on the left-hand side of the diff).

-Jim P.

