[Mailman-Developers] Fixing DMARC problems with .invalid munge
Stephen J. Turnbull
stephen at xemacs.org
Tue May 6 08:39:36 CEST 2014
John Levine writes:
> I wouldn't waste time worrying about whether various hacks might make
> it 0.0001% easier to phish people.
Will you please stop focusing on *your* logic, and start thinking
about what happens if people with different interpretations of the
facts take action on those interpretations?
*I* am not really worried about 0.0001% easier to phish (although I
think my "2%" is a more accurate estimate). What I worry about is
"what if Yahoo! and AOL think ...". We already know that they think
differently from us. They are desperate and grasping at straws, as
far as I can see. The whole SPF-ADDoS-DKIM-DMARC path shows that they
are unwilling to bite the bullet of the obvious (and obviously
correct) solution: proper per-author digital signatures by default.
DMARC, as far as I can see (and have previously argued), is a good
optimization for corporate authors, where users of a mailbox in a
domain are delegates of the corporate owner of the domain. Where that
is not true, it sucks for a whole slew of reasons, yet AOL and Yahoo!
are trying to apply it.
More information about the Mailman-Developers
mailing list