[discuss] DMARC snafu as a wake-up call
S Moonesamy
sm+1net at elandsys.com
Sat Apr 12 19:58:44 UTC 2014
Hi Miles,
At 06:06 12-04-2014, Miles Fidelman wrote:
>Maybe this is a little off-topic, but it strikes me that recent
>events - notably "Yahoo breaks every mailing list in the world
>including the IETF's"
>(http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html)
>highlights a really big pitfall of a purely consensus process of
>Internet governance - i.e., one large bad actor can do tremendous
>damage, particularly if a couple more go along with it. (Speaking
>as one who manages a couple of dozen email lists - I'm tearing my
>hair out right now dealing with the damage).
[snip]
>(And..... If anybody has some thoughts about an appropriate
>"Internet Governance" response to the Yahoo/DMARC debacle, that
>would be both illustrative to the current situation, and immediately
>helpful. At least it strikes me that when a large actor, puts a
>protocol into production, that is nothing more than an informational
>internet-draft, not even an RFC, and wreaks wide-spread damage -
>that seems to merit some kind of institutional response with teeth.)
From
http://www.itu.int/en/council/cwg-internet/Pages/display-feb2013.aspx?ListItemID=68
"The following are some examples of some standards track documents
that could be useful:
RFC 6430, Feedback report type value, RFC 5039 SIP and Spam, RFC
2505 Anti-spam
recommendations, RFC 2635 Guidelines for mass unsolicited
mailings and postings.
The IETF is similarly developing mail authentication
technologies, like DKIM
(RFC 6376, RFC 5585, etc.), SPF (RFC 4408) and DMARC (www.dmarc.org)."
In my opinion the IETF is not working on DMARC. The internet
governance angle is that there might be an assumption that a
technology has been blessed by the IETF as a standard because someone
said that in an eloquent manner.
Regards,
S. Moonesamy
More information about the discuss
mailing list