[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sun, Oct 25, 2015 at 08:13:46PM +0000, Brad Rogers wrote: > >I've long agreed with you and even argued this way in IETF groups. I've > >come to change my mind and see that the DMARC setting helped them fight > >abuse taking place at that very moment, at a relatively minor cost (very > >few people use mailing lists). > > Insofar as it doesn't affect them, or their customers, yes. Potentially, > it affects everybody else. I disagree that that constitutes 'relatively > minor cost'. It did affect their own customers, who were often banned from posting to mailing lists. But people who post to mailing lists are a small minority in the bigger scheme of things. The fact that From: isn't protected - something which DMARC with p=reject attempts to solve - also hurts mailing lists as they often determine whether someone is a subscriber based on their From: address. Why this matters is currently seen on the NANOG list - a popular list for sysadmins. The list is being flooded by spam emails with the same From: address - a subscriber who had his contacts list stolen - from different IP addresses. Apart from blocking the user, there's nothing the list can do. That's another reason why I think mailing list software isn't ready for today's Internet - and they're the ones who should change. > I said email, and that's what I meant. Webmail <> email, at least, not > in this context. You keep saying that, but I really fail to see why you make that distinction. > Ah, understood. A good idea. One which almost all governments will > detest. They might, but they won't be able to stop it, if only because their arguments for backdoors in network encryptions are a lot weaker, as you can only really decrypt everyone's traffic and than find what your target has been sending. With disk-encryption, they could at least promise they would only decrypt devices of specific targets. > Only time will tell, obviously. In any case, such a change would have > to be available to all, as email currently is. Proprietary offerings > that exclude/ignore various hardware platforms should be non-starters. Of course. Replacing something that works so well won't be easy. I've become a big fan of DIME, which I wrote about earlier this year https://www.virusbtn.com/blog/2015/03_12a.xml Martijn.
Attachment:
signature.asc
Description: Digital signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq