On Fri, Jun 13, 2014 at 9:51 AM, Ted Lemon <ted.lemon@xxxxxxxxxxx> wrote:
On Jun 13, 2014, at 9:41 AM, Tony Finch <dot@xxxxxxxx> wrote:Ouch. Yet another reason why a flag day may be necessary to improve the situation.
> BUT! These systems do not use the MIME external body mechanism, because it
> is common for mail servers to reject these messages on the grounds that
> they are too difficult to properly scan for viruses.
>
> The end result is something pretty simiilar to MIME external bodies, but
> a complete mess from the protocol architecture point of view.
Now I will note that this is the sort of use of mail that people think we can fix and that the only difference between this use and the ones people think we can't change is where they got invented and by who[1].
What really needs to happen is that the external body mechanism needs to be integrated into the virus scanning mechanism and both have to support use of digital signatures so that senders can be appropriately whitelisted.
At the moment the mail systems make no distinction between someone outside my company sending me a ZIP file and me sending a ZIP file to my engineers. That is due to the mail protocols being defective.
Maybe the value of DMARC lies in that it will impose some pain on the community that has the ability to make changes to the mail system for a change.
[1] Strictly speaking it 'should' be whom but I think that particular word has been de facto deprecated.