ietf
[Top] [All Lists]

Re: What I've been wondering about the DMARC problem

2014-04-15 12:01:18
On 4/15/2014 9:52 AM, Miles Fidelman wrote:

Which does bring us back to the question of how to deal with "bad
actors" (or at least "irresponsible actors" or "uncooperative actors")
within a cooperative governance framework.  Sigh.... Miles


Welcome to the club. I've been wondering about that same issue with
regards to getting adoption of BCP38 for over a decade. :-)

- ferg



Seth Johnson wrote:
They're forcing adoption -- while folks have not been addressing this
piece of the inter-governmental frame.  :-)


On Tue, Apr 15, 2014 at 12:35 PM, Miles Fidelman
<mfidelman(_at_)meetinghouse(_dot_)net 
<mailto:mfidelman(_at_)meetinghouse(_dot_)net>> wrote:

    Dave Crocker wrote:

        On 4/14/2014 6:45 PM, Brian E Carpenter wrote:

            I thought that standard operating procedure in the IT
industry
            was: if you roll something out and it causes serious
            breakage to
            some of your users, you roll it back as soon as possible.

            Why hasn't Yahoo rolled back its 'reject' policy by now?



        As the most-recent public statement from Yahoo, this might
        have some tidbits in it that are relevant to your question:



       
http://yahoo.tumblr.com/post/82426971544/an-update-on-our-dmarc-policy-to-protect-our-users



    You mean the part where they say:
    "We know there are about 30,000 affected email sending services,
    but we also know that the change needed to support our new DMARC
    policy is important and not terribly  difficult to implement. We
    have detailed the changes we are requiring here
   
<http://yahoomail.tumblr.com/post/82426900353/yahoo-dmarc-policy-change-what-should-senders-do>."


    I.e., 'not our problem'

    Miles Fidelman


    --     In theory, there is no difference between theory and practice.
    In practice, there is.   .... Yogi Berra






-- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2