Stepping back from the
DMARC arguments, it occurs
to me that there is a predictable cycle with every new e-mail security technology.
1. Invention and enthusiasm
Someone invents a new way to make e-mail more secure, call it SPF or DKIM or DMARC or
(this month's mini-fiasco) PGP in DANE.
Each scheme has a model of the way that mail works.
For some subset of e-mail, the model works great, for other mail it works less great.
Every year M3AAWG
gives an award for lifetime work in fighting abuse and making the
Internet a better place.
Yesterday at its Dublin meeting they
it to Rodney Joffe, who has been quietly working for
over 20 years. I can't imagine anyone who deserves it more.
Since he wasn't able to attend in person, they made a video of an
informal interview in which he recounts a lot of what he's done,
with a few comments from his friends.
Adblock Plus is a very popular little program
that plugs into your web browser.
As its name suggests, it keeps ads from appearing in your web browser.
While users love it, advertisers and some webmasters hate it.
Its authors, Eyeo, are a small German company that has been sued in German
courts several times, and won every time.
This week a Munich court ruled in its favor again.
The IETF is once again wrestling with e-mail authentication and reputation,
this time in the context of DMARC,
particularly the long running issue of DMARC vs. mailing lists.
We have a bunch of proposals with various techniques of signing messages,
asking various parties who is authorized to send what.
Some of them seem workable, but a lot aren't.
I have found that a few basic rules that apply to any reputation scheme
make it a lot easier to evaluate
whether a proposal can work.
Although I don't have a lot of sympathy for the trademark
lawyers' argument that trademark holders need to register .sucks domains cheaply before anyone
else can, there is one point at the end of their letter that's worth a look.