Yahoo DMARC breakage

Jimmy Hess mysidia at gmail.com
Thu Apr 10 04:54:00 UTC 2014


On Wed, Apr 9, 2014 at 8:04 PM, Miles Fidelman
<mfidelman at meetinghouse.net> wrote:
On 4/9/2014 7:25 PM, Miles Fidelman wrote:

> Yahoo! is choosing to apply the technology for usage scenarios that have
>> long been known to be problematic.  Again, they've made an
>
> In fact... it is too generous to say "known to be problematic".

Basic functionality is seriously and utterly broken --- that DMARC doesn't
have a good answer for such situations is a major indicator of its
immaturity, in the sense that it is "Too specific" a solution and cannot
apply to e-mail in general.

If it were mature: a mechanism would be provided that would allow mailing
lists to function without breaking changes such as substituting From:.

An example of a solution would be the use of a DKIM alternative with not
a single signature for the entire message, but only partial signing of
parts of the message: specifically identified headers and/or specific
body elements, to validate that the message was really sent and certain
elements are genuine --- and certain elements were modified by the
mailing list.


> informed choice.  Whether it's justified and whether it was the right
>> choice is more of a political or management discussion than a technical one.
>>
>
The technical issue is that the immaturity of the related specs limits
the decisions that are available for a particular domain --- so,
essentially, if you have a certain kind of user traffic: you have to incur
technical issues with mailing lists, or forego using DMARC.

In other words: much as you would like to dismiss it as purely a managerial
decision --- the decisions available to be made are entangled with
the limitations of the technical options that are available for
mitigating spoofing,

AND the public's understanding thereof.


>
>> In technical terms, DMARC is reasonably simple and reasonably well
>> understood and extensively deployed.
>>
>
I would say reasonably simple.
Only well-understood by a very limited fraction of the population of mail
operators.
Not widely deployed;  particularly on domains serving end user mailboxes.



>
>> For most discussions, that qualifies as 'mature'...
>>
>>
> Especially after reading some of the discussions on the DMARC mailing list
> where it's clear that issues of breaking mailing lists were explicitly
> ignored and dismissed.


+1.

Common use case ignored and dismissed is a pretty convincing indicator of
a lack of maturity with regards to the spec.




>  Miles Fidelman
>
>
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is.   .... Yogi Berra
>
>
>


-- 
-Mysid
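
The breakage discussed in this message, as an added example that is not part of the original post: a list that appends a footer invalidates the sender's DKIM body hash, and the list's own SPF pass is not aligned with the From: domain, so DMARC fails. All domains and the message are constructed, the alignment check is a simplified assumption, and only the body hash (not the header signature) is modelled.

```python
import base64
import hashlib


def body_hash(body: bytes) -> str:
    """DKIM bh= value, 'simple' body canonicalization (RFC 6376, 3.4.3)."""
    while body.endswith(b"\r\n\r\n"):      # ignore empty lines at the end
        body = body[:-2]
    if not body.endswith(b"\r\n"):         # body must end with one CRLF
        body += b"\r\n"
    return base64.b64encode(hashlib.sha256(body).digest()).decode()


def aligned(from_domain: str, auth_domain: str) -> bool:
    """Relaxed identifier alignment, simplified to a suffix match.
    Assumption: real verifiers compare organizational domains (Public Suffix List)."""
    f, a = from_domain.lower(), auth_domain.lower()
    return f == a or f.endswith("." + a) or a.endswith("." + f)


def dmarc_result(from_domain, received_body, signed_bh, dkim_d, spf_pass, mail_from_domain):
    """DMARC passes if an aligned identifier authenticates via DKIM or SPF.
    Only the body hash is checked here; the signature over headers is not modelled."""
    dkim_ok = body_hash(received_body) == signed_bh and aligned(from_domain, dkim_d)
    spf_ok = spf_pass and aligned(from_domain, mail_from_domain)
    return "pass" if (dkim_ok or spf_ok) else "fail"


# Constructed sample message; all domains are placeholders.
FROM_DOMAIN = "sender.example"             # author's domain, publishes a DMARC policy
ORIGINAL = b"Has anyone else seen this?\r\n"
SIGNED_BH = body_hash(ORIGINAL)            # what the sender's DKIM signature covers
LIST_COPY = ORIGINAL + b"_______________\r\nlist at list.example\r\n"  # footer added

def direct_delivery() -> str:
    return dmarc_result(FROM_DOMAIN, ORIGINAL, SIGNED_BH, "sender.example",
                        True, "sender.example")

def via_mailing_list() -> str:
    # The list re-sends with its own envelope sender, so SPF passes for
    # list.example only, which is not aligned with the From: domain.
    return dmarc_result(FROM_DOMAIN, LIST_COPY, SIGNED_BH, "sender.example",
                        True, "bounces.list.example")

if __name__ == "__main__":
    print("direct:", direct_delivery())
    print("via list:", via_mailing_list())
```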


