From: ietf [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Murray S.
Kucherawy
Sent: Friday, April 18, 2014 11:41 AM
To: ned+ietf(_at_)mauve(_dot_)mrochek(_dot_)com
Cc: ietf
Subject: Re: DMARC from the perspective of the listadmin of a bunch of SMALL
community lists
On Fri, Apr 18, 2014 at 7:47 AM,
<ned+ietf(_at_)mauve(_dot_)mrochek(_dot_)com<mailto:ned+ietf(_at_)mauve(_dot_)mrochek(_dot_)com>>
wrote:
The message was pretty clearly, "We think DMARC is valuable enough to us
that we plan to deploy it even though it has the unfortunate side effect
of causing problems for mailing lists."
Allow me to rephrase: "We think getting our commerical mail through is worth
sacrificing all sorts of personal mail functionality users depend on. And we
don't care who it hurts, including some shops as large or larger than we are."
I'm not so sure delivery is the primary goal. Rather, "We're tired of the fact
that we are unable to control who generates mail that appear to come from our
domain(s), and it's hurting us" is how that should at least start. A tarnished
domain name has repercussions beyond just delivery of email.
MH: I’m going to disagree with Murray on the fact that it’s hurting us, the
company as the motivator, at least from my perspective. I see it as preventing
end users from getting hurt from this particular use case (direct domain
abuse). The further we (for some definition of we) can push bad actors from
reality (from the users perspective), the less likely they are to fall for
certain types of social engineering. I would hypothesize that increased abuse
of the type Yahoo has been seeing may be in part due to increased difficulty on
the part of malicious individuals in abusing brands implementing DMARC with
p=reject. P to P mail becomes increasingly attractive and the use of stolen
address books or user email addresses and information from stored messages can
be used to improve the effectiveness of the social engineer.
Mike