On Fri, Jun 13, 2014 at 12:39 AM, Stephen J. Turnbull <stephen@xemacs.org> wrote:
Jim Popovitch writes:
Do you have specific complaints?
Yes. Unless it's not already understood... the original idea behind DMARC centered around non-human transactional emails (Banking notifications, Facebook status updates, etc.).
This was understood, and is why I call what Yahoo! and AOL are doing "abuse".
But what is wrong with the spec itself, besides the potential for abuse?
Elizabeth got involved and the spec was morphed (i say bastardized)
What changed that you object to?
One of the original __High-Level Goals__ was:
DMARC is intended to reduce the success of attackers sending mail pretending to be from a domain they do not control, with minimal changes to existing mail handling at both senders and receivers. It is particularly intended to protect transactional email, as opposed to mail between individuals.
If you go here: https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/ you can see the early versions of the spec (under "History") contained the word "transactional".
Also notice that the "diff from previous" comparisons, esp between rev02 and rev01, seems to be missing several instances of the word "transactional" (i.e. if the word was removed it should still be visible on the left-hand side of the diff)
-Jim P.