There has been some discussion on what should the IETF do about the
collateral damage experienced by several mailing lists when major
mailbox providers switch their DMARC policies to p=reject.
Mailing lists used to be a legitimate use of email. Albeit they are
the workhorse of many organizations which are vital for the Internet
itself, such as the IETF and several software projects, statistically
they are a minor Internet feature. I can understand that after
decades of failed attempts to control email abuse, their disappearance
is not the main concern of "p=reject" proponents.
The discussion on ietf-822 brought some mailing list assumptions
--much needed, since ML were never formally standardized-- as well as
a few proposals. Now the discussion seems to be fading out, even if
no actionable result was reached. The solutions proposed, in order of
decreasing ease (IMHO), are:
* Whitelisting,
* weak signatures,
* permission to re-sign, and
* exchange of cryptographic data.
All of those solutions require that originators' relays know whether a
message is destined to a mailing list. That is a delicate subject in
itself, as it involves privacy considerations --does a subscriber
consent to allowing her or his mailbox providers to know which lists
she or he is on?
The DMARC draft is currently in "AD Followup" state. A review was
posted here last week, a process which doesn't seem to affect
deployment much.
How is the IETF going to proceed on this issue?
Ale