On 04/18/2014 05:33 PM, Ned Freed wrote:
>> On 04/18/2014 07:47 AM, Ned Freed wrote:
>>>> I said: Rather than throwing up our hands and telling the DMARC
>>>> folks that we refuse to work with them unless their solution
>>>> solves the problem of our anachronistic use case that that
>>>> constitutes only a tiny percentage of their overall traffic;
>>>
>>> Again with the traffic size as justification for poor behavior.
>>> Not all messages are created equal, and some functions have
>>> utility entirely disproportionate to the amount of bandwidth they
>>> use.
>
>> Right, so the input here from the operators is, "Mailing list
>> traffic is not important enough to us to prevent us from deploying
>> an anti-spam solution that solves the vast majority of our problems
>> with little cost or difficulty. The MLM software authors will have
>> to deal with this problem on their end." And your response is to
>> stamp your feet and shout, "But my mailing list traffic IS
>> important! It is, IT IS!!!!!"
>
> I really have to wonder where you got enough straw to build a
> strawman of this size. If you actually, you know, read what I've been
> saying, it has been that this was handled extremely poorly by the
> IETF. Just not in the way you happen to believe.
>
> Your view of what happened, who the operators actually are and what
> their positions are, and what the likely consequences are going to be
> are somewhere between a gross oversimplifications and looney tunes.
> But I must say they are amusing.
First, I acknowledge that you seem to be interested in addressing the
IETF's failings, the problem is that small matter of disagreement on
what those failings are. You say that my version of events is "looney
tunes," and yet there is "rough consensus and running code" backing it
up.
What is this "rough consensus and running code of which you speak?" My
understanding of that phrase has always been that it refers to the assessment
of documents within the IETF process. Exactly how is that supposed to apply
to independent documents such as this one?
And if you're talking about there being a consensus among serevice providers
regarding the use of p=reject in the fashion of AOL and Yahoo, I've seen
absolutely no evidence of that. Indeed, I've seen exactly the opposite. Our
customers tend to be very large concerns, and while I cannot get into specifics
for obvious reasons, I can assure you that they are not all hunkey-dorey with
what Yahoo and AOL are doing.
Even before AOL joined the p=reject team, but much more so now.
Seriously? A move by a single provider, now joined by another, represents some
sort of industry consensus?
It's incredibly obvious that the IETF either didn't listen to, or didn't
act on clear messages from the operator community on this topic.
Well, here I sort of agree. What the IETF didn't do is react to the danger this
posed in a timely way. Either on a technical or political level.
Trying
to re-paint the failure as one of process (or whatever weird rathole you
appear to be willing to travel) doesn't help the situation at all.
And that means... what, exactly? Of course fixing process issues after the fact
aren't going to help the present situation any.
For this issue what would help is for the IETF to admit its failure, and
take in hand the problem of solving mailing list delivery for DMARC
protected domains (along with the MLM software authors of course). If
there are other places where DMARC has weaknesses that can be shored up,
let's tackle those too.
Again, what part of "unwilling to make any changes" did you not understand?
What won't help is sitting on the sidelines and whinging that the "DMARC
cabal" "doesn't get it" and has to listen to us about how it should
conduct their business.
Of course it wouldn't help. Which is why I never did that.
Because not only do they clearly not have to do
that, they are not doing it. You will see more and more large mail
providers implementing p=reject because it's good for them, and the
fallout from Yahoo!'s implementation has been marginal (from their
perspective).
I have no doubt that some other providers who have mixed business transaction
mail on the same domain with personal email will follow suit. I'm skeptical
this will extend to those like Google who have kept them separate, or providers
that focus on providing personal mail accounts.
Only time will tell.
From a larger perspective it would be very useful for the IETF to take
this message to heart in other areas, like say ... DHCPv6. But I digress. :)
> Wrong again. The evidence shows clearly that the IETF did listen, to
> this group at least. Where the IETF failed was in not looking at the
> big picture and likely consequences, which I'm afraid is not laid out
> along the axis of "big operators all supporting DMARC" versus "tiny
> insignificant list maintainer stick-in-the-muds".
I'm not sure who you're defining as "the IETF" in this context, but the
record seems to show that there was a non-zero number of people telling
the DMARC folks that their spec should not be implemented because it
doesn't solve the mailing list problem, among others. So rather than
listening to the operators and working to solve the MLM problem, there
was whinging, and intransigence. I don't care how you want to
characterize the problem, the failures of communication and inaction are
pretty clear.
Suffice it to say I don't see it that way.
And with this reply I'm done with this conversation. You have a view of the
email world as well as the events that have transpired that is so completely at
odds with reality that this is no point in further discussion with you.
Ned