
Re: [dmarc-ietf] Suggestion: can we test DEMARC deployment with a mailing list?

2014-05-06 13:39:37

On May 6, 2014, at 10:03 AM, Hector Santos <hsantos(_at_)isdg(_dot_)net> wrote:

On 5/5/2014 8:37 PM, Fred Baker (fred) wrote:

I guess we're running it. I was hoping to avoid the "everything around 
broke" part.

...

And what comes quickly to mind is the comment, earlier in this thread, that 
"we have been running it for nine years."

Running it, perhaps, but not learning from it. Kind of "Really Not The 
Point".

At the end of the day, this is all about the IETF desiring a "Freedom to 
DKIM Sign/Resign Mail" at any middleware, host, router, hop, forwarder, 
mailer, list service, etc, node along the transport part in the mail network 
without author domain restrictions.

Either you believe in an author domain DKIM regulated mail system or not.  
The resigners do not believe no one uses "strict" policies anyway, and if 
Mom&Pop biz does, WHO CARES!!  The IETF has certainly shown it doesn't.

That pretty much sums it up.

Hector,

Perhaps a different perspective could be useful.  Rigidly constraining From 
header fields or Return Paths disrupts legitimate communication since this does 
not identify actual email sources.  Source assessment is a far more effective 
mitigation control over content filtering as demonstrated by evolving RTF, 
Flash, Java, and Office vulnerabilities.  SMTP lacks a federation feature found 
in XMPP.  Not having a means to federate control makes it difficult to exclude 
a malicious source.

TPA approximates a federation scheme, whether from authentication invoked by a 
From header field policy request or any other domain authentication method 
used.  TPA allows a sender (as an anchor) a means to authorize domains employed 
by their users within a single DNS transaction.  This allows a means to 
establish an email-chain-of-trust making use of various authentication methods. 
 DMARC attempts to improve reliability by combining either aligned DKIM signed 
content or SPF authorization.  TPA attempts to overcome impediments these 
methods impose in describing the actual system federation. 

In developing regions, the percentage of compromised systems is high.  A 
federated system should greatly assist in identifying where malicious content 
is being introduced and reduce the level of false detections, notifications, 
and blocking actions. 

Regards,
Douglas Otis