24 Sep
2017
24 Sep
'17
2:24 a.m.
On 09/23/2017 08:12 AM, Theodore Ts'o wrote:
DMARC is only useful if you are worried about people
trying to use
your domain for phishing purposes. This is more of an issue for
Paypal.com and bankofamerica.com. In general it's not really an issue
for thunk.org and tnetconsulting.net.
That is your opinion. Mine happens to differ. I think we're both
adults and can agree to disagree.
DKIM and SPF are useful if you need to interoperate
with big, free
e-mail systems such as Yahoo, AOL, and Google which are *using* DMARC.
Using DKIM and SPF are useful in trying avoid your site from falsely
being accused as being a spammer.
I feel like DMARC is just the latest technology / technique that is
causing ripples in the pond. - I seem to remember similar ripples when
SPF, and DKIM to a lesser degree, were introduced became more popular.
DMARC has no real value, and in fact has negative
value, as it means
that when you send e-mail from a DMARC site that causes other people
to be ejected off of mailing lists, the mailing list administrator may
decide that you are actively causing harm to the community, and simply
prevent you from sending mail to the mailing list all.
I believe DMARC does have value, and will have more value in the short
to mid-term future.
I acknowledge the perceived negative value of DMARC. I expect that
other anti-spam techniques caused similar perceptions over the years.
- Closing open relays
- Requiring reverse DNS
- SPF
- DKIM
- DMARC
- ARC (possibly in the future)
I understand why people may want to push back on such technologies. I
feel like they are free to have their opinion. I'll try to keep my
opinion to myself.
However, I suspect that the horse drawn carriages are going to
eventually end up yielding to the automobile in most places.
This is exactly why I've been working with Warren to try to make sure
that I (and others using DMARC like me) don't cause harm to the TUHS
community.
Other proposed solutions is to have the mailing list
software detect
that you are using DMARC, and only having *your* postings munged so
the from field says thus(a)minnie.tugs.org, instead of
gtaylor(a)tnetconsulting.net. That way only people who are using mail
systems with DMARC get their From field munged, instead of punishing
everyone using the mailing list.
I do believe that's the current industry accepted work around. - I
don't know if it's the proper thing to do or not. - I suspect it's
what I'm going to end up asking Warren to enable. (It's my
understanding that the mailing list manager that Warren is using already
has the knob, and that he just needs to turn it.)
--
Grant. . . .
unix || die