[170921] in North American Network Operators' Group
Re: responding to DMARC breakage
daemon@ATHENA.MIT.EDU (Miles Fidelman)
Sat Apr 12 18:32:08 2014
Date: Sat, 12 Apr 2014 18:31:42 -0400
From: Miles Fidelman <mfidelman@meetinghouse.net>
To: NANOG <nanog@nanog.org>
In-Reply-To: <5349B679.1040008@dcrocker.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Dave Crocker wrote:
> On 4/12/2014 2:38 PM, Jim Popovitch wrote:
>> On Sat, Apr 12, 2014 at 1:12 PM, Miles Fidelman
>> <mfidelman@meetinghouse.net> wrote:
>> someone needs to get a legal opinion wrt
>> the DMARC group's effort to have all mailinglists change their From:
>> address.
>
>
> "The DMARC group" (presumably referring to the dmarc.org informal
> consortium that created DMARC) is conducting no such effort.
>
> The action taken this past week was an independent effort by Yahoo.
>
> dmarc.org had nothing to do with it.
>
> The DMARC specification is quite clear about the limitations of its use.
>
> Nothing is aided by confusing the very basic difference between a
> specification and the choices actors make in applying it.
>
Dave, it's not that clear cut. Standards bodies have been held liable
for negligence, as have participants in standards making processes (just
did a little googling of case law). Trade associations have been held
to be in violation of antitrust law.

I would expect that the right lawyer might have a field day painting the
"informal consortium that created DMARC" as colluding in violation of
anti-trust law, and perhaps criminal conspiracy. At the very least,
"creating a public nuisance." And that's before we even consider civil
tort liability.

I also expect that someone could make a good case against Yahoo for
"knowingly caus[ing] the transmission of a program, information code, or
command, and as a result of such conduct, intentionally causes damages
without authorization to a protected computer" in violation of the
Computer and Fraud Abuse Act - for publishing their p=reject policy, and
possibly for hotmail, comcast, etc. for criminal conspiracy in honoring
that policy. (Kind of like a DDoS attack, or domain hijacking.)

But then, I'm not a lawyer, just an engineer and sometime policy wonk
(who just had lots of fun working with some very smart lawyers on a bid
protest).

Hmm... I wonder if anybody who's suffered serious economic damage as a
result of this wants to bankroll some lawyers? Could be fun. (And given
the amount of pain this has inflicted on me, personally, I wouldn't mind
sharing some of the pain.)

Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra