--On Thursday, July 17, 2014 12:32 -0400 John R Levine
<johnl@xxxxxxxxx> wrote:
>>> It's more popular among large providers than small ones.
>> ...
>
>> To me, that makes decisions about damage-mitigation work for a
>> non-essential protocol complicated because one way to
>> eliminate the damage is to not support the protocol at all,
>> possibly including stripping its headers whenever they are
>> encountered.
>
> Having talked at length with people at the large providers
> that use DMARC, I am sure that there is no possibility that it
> will go away and it is likely that more rather than fewer
> providers will start publishing restrictive policies.
I do see a plausible scenario under which it goes away, but that
scenario is not the IETF's problem and I hope it stays not the
IETF's problem. More to the point, my note did not posit any
change in their behavior.
> They understand that it causes problems, and I believe they
> are open to implementing changes to alleviate those problems.
Let me be clear, since my earlier note obviously either wasn't
or was too detailed. I believe there are three possible
"fixes" that are under IETF control (what those providers will
or will not do is not, ARAIK, under IETF contorl):
(1) Changes are made to DMARC that reduce the pain level.
(2) Changes are recommended and made by the pain-recipients that
will make things less painful.
(3) Changes that are made in systems not controlled by the DMARC
sponsors that make the protocol both less effective and less
painful, e.g., by removing DMARC headers in appropriate
circumstances (with "appropriate" to be something the WG
discusses).
I just want to be absolutely sure that the charter doesn't
constrain any of those options and that the WG is on notice that
it will be accountable for, and required to explain, the choices
it makes.
best,
john