Re: DMARC: perspectives from a listadmin of large open-source lists

On 04/14/2014 02:14 AM, John C Klensin wrote:



--On Monday, April 14, 2014 01:08 -0700 Doug Barton
<dougb(_at_)dougbarton(_dot_)us> wrote:

But this takes us back to Ned's point (or at least my
interpretation of it): it is lots easier to fix a bad DMARC
config, ignore restrictive DMARC specifications, or even to
abandon DMARC entirely, than it is to believe that we can
upgrade every MTA and MUA on the network to start accepting
percent hacks, bang paths, or the syntax characters used to
denote them, again.  Or any other strange local-part syntax
anyone is likely to come up with, e.g., perhaps we could use
plus signs, hyphens, or appropriately-escaped backslashes.  Or
we could steal "/" and "=" back from X.400 gateways.  Right.


Well + is out, since that's used by various local filtering
solutions.


Doug, I think you are missing my, and probably John Levine's,
attempts at humor.

Not so much "missing" it as ignoring it because I'd rather focus onfinding a solution than on dark sarcasm.

 Let me spell it out:

... yes, I get all of that, which is why I didn't suggest any of thosecharacters. I also specifically didn't suggest ! because I didn't wantto look like a throwback to UUCP.

The bottom line is that trying to work around this by a trick
syntax convention is really hard, unlikely to succeed, and quite
likely to result in legitimate messages disappearing and/or
breaking existing conforming systems.

.... which is why I'm suggesting open conversation to try and avoidthose pitfalls. I would also like to make sure we are scoping theproblem correctly when you say "working around _this_." John Levine hasalready attempted to derail the concept I'm actually proposing byarguing against something I'm not.

And while even the problem I'm actually proposing to solve is hard,complaining about it the fact that someone else broke mailing lists isdefinitely not going to solve it.

But your point is well taken ... the "right" answer may be to
fix or discard DMARC, I honestly don't know. But in a world
where DMARC is here to stay, or if not DMARC then some other
anti-spam solution that breaks mailing list forwarding; and in
that same world where mailing list traffic is negligible (and
therefore the cost of breaking mailing lists is in the noise
compared to the benefits of deploying said anti-spam solution)
it's incumbent on the mailing list software folks to solve
this problem.


I'm going to risk more humor and suggest that everyone who
believes that mailing list traffic is negligible and the cost of
breaking them is in the noise should be immediately unsubscribed
from all IETF-related lists, including this one.


John, if you want me off this list just say the word.

Meanwhile, *I* was not suggesting that mailing list traffic isunimportant, I get at least a hundred messages a day from various lists,and it constitutes the vast majority of my daily electronic communication.

What I AM suggesting however, and I realize that this is a hard pill toswallow for many IETF'ers, is that IN THE GRAND SCHEME OF THINGS mailinglist traffic is inconsequential to large e-mail providers. It's a smallpercentage of the overall traffic they process, and AS A RESULT Yahoo!'scalculus clearly reached the conclusion that even though they knew theywere going to break traffic from some percentage of their users, theoverall benefit was worth it to them. We may not like to hear that, butit IS the reality. If we're going to be serious about the E in IETFwe're a lot better off starting from the world of reality, rather thanthe world we wish we lived in.

So even if we were somehow able to magically fix DMARC today so thatlist traffic works perfectly with it, tomorrow another anti-spamsolution is going to come along that is better than DMARC, and mailinglist traffic as it exists currently won't work with it. The tail willnot be wagging the dog here, the mailing list software has to be fixedif we want to solve this problem.


Doug