ietf-822
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-822] WSJ/gmail/ML, was a permission to...

2014-05-04 05:01:12
from [Alessandro Vesely] [Permanent Link] 
On Sat 03/May/2014 22:31:17 +0200 Rolf E. Sonneveld wrote:

On 05/03/2014 08:29 PM, Alessandro Vesely wrote:

On Fri 18/Apr/2014 14:37:21 +0200 John Levine wrote:

I also note that this hack, with or without Ale's changes, does
nothing to solve the send from gmail and WSJ article problems.

Those two problems can be solved in different ways.  Gmail could use a
third party's submission server just like they use its pop/imap one.
WSJ could write "WSJ.com" in the From: and the purported issuer in the
Subject: (and possibly also Reply-To:) instead of their currently
doing the other way around.


In your proposal one spam/phishing fighting technique (DMARC) requires
(at least) three techniques to solve its problems (which in turn may
require another 3^2 techniques to solve their problems, which ... 3^n
techniques ... et cetera).


It is not going to be exponential since the number of techniques
needed to solve this particular problem is dominated by the total
number of techniques available at this time :-)

Seriously, I'm not inventing anything new here.


Also:

    In order to get weak signatures, a mailing list needs to let its
    posters' domain admins know which posters post to which addresses.
    It is advisable to ask for posters' permission to do so.

That can be done manually for the time being.  Imagine lots of
ML-admins writing to the relevant postmasters asking to apply
low-profile signatures for specific MAIL FROM/RCPT TO pairs.


This really doesn't scale. Maybe you have the few TBTI ESP's in mind,
of which there are only a few. But each domain that starts using
p=reject will introduce a new set of relations (ML-admins-postmaster),
which in turn will grow exponentially.


You're right, this is something of a hassle.  However, there are some
upper bounds, the number of users in a domain, the number of lists a
user is subscribed to,  the number of subscribers in a list.  By using
appropriate modes and formats, it won't be overwhelming.  When the
ball starts rolling it might become somewhat manageable, certainly
better than if each poster had to ask her/his postmaster the same
thing individually.

Those ML-admin-postmaster relationship are a plus, as they give an
occasion to meet and talk.  We may regard that happening as a
demonstration, which we call in order to drive the change.

Ale

_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-822] WSJ/gmail/ML, was a permission to..., Alessandro Vesely
Next by Date:  Re: [ietf-822] WSJ/gmail/ML, was a permission to..., Miles Fidelman
Previous by Thread:  Re: [ietf-822] WSJ/gmail/ML, was a permission to..., Rolf E. Sonneveld
Next by Thread:  Re: [ietf-822] WSJ/gmail/ML, was a permission to..., Brandon Long
Indexes:  [Date] [Thread] [Top] [All Lists]