On 12/19/2016 3:12 AM, Harald Alvestrand wrote:
The ISE mechanism exists to get things published that matter to the
Internet.
It was clear at the time DMARC was published that it would be used
whether it was published as an RFC or not. Publishing the document at
least gave us a stable reference to be angry at.
It would actually be harder to publish a document saying "DMARC is bad,
don't use it, use that other thing instead" if there was no stable
reference for what we mean by DMARC.
I'd describe the so-far inaction more as "shut your eyes and hope it
will go away when others figure out that the solution is bad" than as
"sitting on the fence". Didn't work any better, though.
Lets keep in mind the proposed standard ADSP was officially abandoned
by the same group that pushed the informational status "Super ADSP"
DMARC replacement protocol. This replacement did absolutely nothing
to resolve the long time fundamental problem of addressing "middle
ware" (list servers) breaking DKIM signed electronics messages nor the
authorization of 3rd party signers.
We should perhaps recognize it is time to also abandoned DMARC as well
or fix it with the many suggested improvements, including 3rd party
authorization DNS lookups which is far simpler and "cheaper" than
adding additional complexed headers and overhead to the mail system.
Its not even a "proposed standard" document
We wanted list systems to change but we don't want the change to
include DNS lookup protocols. Instead, we pushed very complex mail
altering algorithms and that just isn't working -- obviously.
In my opinion, the IETF has failed the small to mid size
implementators by catering to the "super large scale" mail providers.
That also needs to change within the IETF. A protocol that is
written correctly fits all. Size shouldn't matter. That philosophy
has been lost, unfortunately.
Happy Holidays
--
HLS