Yahoo DMARC breakage
Dave Crocker
dhc2 at dcrocker.net
Thu Apr 10 00:50:00 UTC 2014
On 4/9/2014 7:25 PM, Miles Fidelman wrote:
> Dave Crocker wrote:
>> Everything they are doing is "legal".
>>
>> Your (possibly entirely valid) assessment that their action is
>> ill-advised or unpleasant does not equal broken.
>
> Well, sort of - given that DMARC is still an Internet draft, not even an
> experimental standard. Maybe it's doing what the draft says it is - but
> it's an alpha-level protocol, that breaks a lot of things it touches. If
> not "broken" it's certainly "not ready for prime time" - and large scale
> deployment is akin to a DDoS attack - i.e., not "ill-advised" but
> verging on criminal.
While IETF "full" standards status does indicate real deployment and
serious technical maturity, IETF Proposed Standard does not mean mature
or immature, given the varied history of work leading to Proposed.
SSL was quite mature, before the IETF did enhancements to produce TLS.
The IETF's version of DKIM was essentially v4 for the technology.
DMARC is estimated to currently cover roughly 60% of the world's email
traffic. As "not ready for prime time" goes, that's quite a lot of
prime time.
Yahoo! is choosing to apply the technology for usage scenarios that have
long been known to be problematic. Again, they've made an informed
choice. Whether it's justified and whether it was the right choice is
more of a political or management discussion than a technical one.
In technical terms, DMARC is reasonably simple and reasonably well
understood and extensively deployed.
For most discussions, that qualifies as 'mature'...
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
More information about the NANOG
mailing list