On Tue, Apr 15, 2014 at 7:18 PM, John R Levine <johnl(_at_)taugh(_dot_)com>
wrote:
The reason it's not special is that it's just the most visible example of
a wide variety of legitimate useful mail that DMARC can't describe, and
that are broken by DMARC policies other than p=none.
As I see it, this is probably the core of the stalemate. I agree that
DMARC, and its various antecedents that we all know and love, can't
precisely describe mailing list traffic as it's currently defined. What I
observe, though, is that there's typically lots of talk about what we can't
do to add that capability, and almost none about what's actually possible.
People get discouraged and give up. This isn't a path to success.
I'm all for being as incremental and non-destructive as possible when
building these things. I also don't think it's possible to be completely
invisible 100% of the time.
Sure, whitelisting is one possible solution. Publishing a whitelist is
easy, but populating it, managing it, making it robust, making it fair, and
protecting it against fraudulent entries needs to be sorted out, whether
it's a public whitelist or a private one. Are we certain, though, that
it's flatly impossible to adjust lists in such a way that their traffic
could be described by these mechanisms?
-MSK