On 17 Dec 2016, at 12:52, Randy Bush <randy(_at_)psg(_dot_)com> wrote:
dmarc is sorely broken and all the amielorations have not good side
effects. so the question to me is whether we can move the pain closer
to the cause?
Hi, Randy.
It’s hard to move the pain in a predictable way. If I send you an email message
and it’s not delivered or gets mangled or goes in your spam folder, who feels
the pain? That depends on which of us needs the email more.
The group you want to feel the pain are the administrators who add DMARC
records, but other than spamming them with error reports, there’s not much we
can do. I don’t think the administrators at Yahoo care too much whether their
users are able to use IETF mailing lists or not.
As a proxy we can “punish" those senders who have a DMARC record for their
domain.
If we do nothing, their messages sometimes get lost. They have real problems
participating effectively in the IETF unless they switch to using gmail or
hotmail accounts like many of us have already done. But that gives us pain as
well because we’re missing messages as long as they keep using their own
accounts.
If we apply the mitigations only to such accounts, we solve the bounce issue,
but then depending on the solutions we poison some of the other participants’
email addresses, or we make the UI show weird unhelpful things. Seems like
everybody else gets the pain.
Yoav