On Fri, Jun 13, 2014 at 9:51 AM, Ted Lemon
<ted(_dot_)lemon(_at_)nominum(_dot_)com> wrote:
On Jun 13, 2014, at 9:41 AM, Tony Finch <dot(_at_)dotat(_dot_)at> wrote:
BUT! These systems do not use the MIME external body mechanism, because
it
is common for mail servers to reject these messages on the grounds that
they are too difficult to properly scan for viruses.
The end result is something pretty simiilar to MIME external bodies, but
a complete mess from the protocol architecture point of view.
Ouch. Yet another reason why a flag day may be necessary to improve the
situation.
Now I will note that this is the sort of use of mail that people think we
can fix and that the only difference between this use and the ones people
think we can't change is where they got invented and by who[1].
What really needs to happen is that the external body mechanism needs to be
integrated into the virus scanning mechanism and both have to support use
of digital signatures so that senders can be appropriately whitelisted.
At the moment the mail systems make no distinction between someone outside
my company sending me a ZIP file and me sending a ZIP file to my engineers.
That is due to the mail protocols being defective.
Maybe the value of DMARC lies in that it will impose some pain on the
community that has the ability to make changes to the mail system for a
change.
[1] Strictly speaking it 'should' be whom but I think that particular word
has been de facto deprecated.