[discuss] DMARC snafu as a wake-up call

S Moonesamy sm+1net at elandsys.com
Sat Apr 12 19:58:44 UTC 2014

Hi Miles,
At 06:06 12-04-2014, Miles Fidelman wrote:
>Maybe this is a little off-topic, but it strikes me that recent 
>events - notably "Yahoo breaks every mailing list in the world 
>including the IETF's" 
>highlights a really big pitfall of a purely consensus process of 
>Internet governance - i.e., one large bad actor can do tremendous 
>damage, particularly if a couple more go along with it.  (Speaking 
>as one who manages a couple of dozen email lists - I'm tearing my 
>hair out right now dealing with the damage).


>(And..... If anybody has some thoughts about an appropriate 
>"Internet Governance" response to the Yahoo/DMARC debacle, that 
>would be both illustrative to the current situation, and immediately 
>helpful.  At least it strikes me that when a large actor, puts a 
>protocol into production, that is nothing more than an informational 
>internet-draft, not even an RFC, and wreaks wide-spread damage - 
>that seems to merit some kind of institutional response with teeth.)


   "The following are some examples of some standards track documents 
that could be useful:

    RFC 6430, Feedback report type value, RFC 5039 SIP and Spam, RFC 
2505 Anti-spam
    recommendations, RFC 2635 Guidelines for mass unsolicited 
mailings and postings.
    The IETF is similarly developing mail authentication 
technologies, like DKIM
    (RFC 6376, RFC 5585, etc.), SPF (RFC 4408) and DMARC (www.dmarc.org)."

In my opinion the IETF is not working on DMARC.  The internet 
governance angle is that there might be an assumption that a 
technology has been blessed by the IETF as a standard because someone 
said that in an eloquent manner.

S. Moonesamy 

More information about the discuss mailing list