ietf
[Top] [All Lists]

Re: Will mailing lists survive DMARC?

2014-04-29 12:56:59
The problem exists if A is publishing such a policy, B is acknowledging the 
policy, B is
generating a bounce, and the bounce is hitting the mailing list provider.

I do not understand why a bounce should be generated (and not the incoming 
mail to B would
be tagged as spam and/or null-routed).

DMARC lets you say p=reject or p=quarantine.  For whatever reason, AOL
and Yahoo are saying reject.  Using that p=quarantine would be nearly
as bad, with list mail eternally vanishing into spam folders.

That said, the result of the above is that B is unsubscribed from the mailing 
list due to
large number of bounces, but that is because B is recognizing the policy A is 
publishing.

Yes, but there are complicating factors.

One is that it's entirely possible to use DMARC responsibly.  It's
been around for a year, domains like paypal.com have published
p=reject, with no problems because nobody sends real paypal.com mail
via mailing lists or mail-an-article or the other stuff that is broken
by DMARC reject.

What changed is that two of the largest consumer mail providers had
huge security breaches where crooks stole user info including their
address books (both admit it, no conspiracizing needed) and used DMARC
as a sledgehammer to try and mitigate the damage.  I don't think
anyone is opposed to mitigating damage, but these particular efforts
had the predictable side effect of dumping costs on unrelated third
parties which AOL and Yahoo have so far done nothing to address.
Yahoo's blog admits that they are affecting 30,000 other providers, so
they know this is not a trivial problem.

Finally, the DMARC group includes the largest mail providers in the
world (I've seen DMARC bounces from Gmail, Yahoo, Hotmail, AOL, and
Comcast), who have such a large market share and so much market power
that it is not realistic to exclude users at those providers and tell
them to take their business elsewhere, no matter how well deserved
that advice might be.

R's,
John