ietf
[Top] [All Lists]

Re: DMARC methods in mailman --- [LEDE-DEV] DMARC related mass bounces / disabled subscriptions (fwd) Jo-Philipp Wich: [LEDE-DEV] DMARC related mass bounces / disabled subscriptions

2016-12-17 22:16:05
On Sat, Dec 17, 2016 at 06:38:07PM -0800, Dave Crocker wrote:
   4. The folk using DMARC for c2c are not seeing a significant problem from
that use and they do report significant benefit.  Sitting here in the IETF,
we might not like their assessment, but it's their business, not yours or
mine.

Right, the problem is not with c2c, where the affected mail might be
0.5%.  But for d2d (developers to developers), it's much more serious.

   5. The IETF has no meaningful leverage over those service providers.  Any
thoughts about what to do should keep that in mind.

That's been clear.  To the extent that though that some service
providers might want to have developers stay on their platform because
they might be powerful influencers, there might be *some* influence,
but it is admittedly very little.

   7. The providers' affected users have no leverage on their providers.
None.

Well, it *might* be that Google might not appreciate headlines of the
form, "Linus Torvalds is leaving gmail because Gmail has become
fundamentally incompatible mailing lists", but it is again,
admittedly, very small.

   8. It is easy to tell those providers' users that they should go to a
different provider, but take a look around for choices of consumer email
providers:  there are precious few choices on the Internet today. And for
the affected consumers, they need a free, well-run provider who operates at
scale.

So what we might end up with, in the long run, is mailing lists will
only work with developers who switch to mail services such as, for
example, fastmail.fm.  But there might not be mail services for
consumers that are compatible with mailing lists.  That would be sad,
in that it would involve a partial fork of the Internet mail system,
one for Eloi and one for the Morlocks, using Neal Stephenson's analogy
from "In the Beginning Was the Command Line".

But again, as you have said (and I agree) we have no control over the
big mail providers.  The only thing we have control over is any
mailing list servers we might happen to have administrative control
over, and what kind of pain we want to inflict on our particular
developer community (whether it is standards development or open
source development).

   9. ARC is expected to help this situation, but I suspect it won't be as
much help as anyone would like.  At the least, it requires adoption by both
the mailing lists and the receiving MTAs, and that's a lot of adoption to
require.

I have the same worry that ARC may not do as much to help as has been
hoped.  Certainly not in the short term.  That's because it won't just
be mailing list servers that will need to adopt ARC, but also mail
forwarding services such as those used by alum.mit.edu,
alumni.stanford.edu, linux.com, etc.

Basically, DMARC is a classic tragedy.  It's playing out in a fairly
inevitable fashion, and there's nothing we can do to change the basis
of the tragedy; only how we react to it.

I suspect the best in the DMARC world where ARC turns out not to be
completely successful is a setting where mailing list recipients can
specify whether their mail service honors DMARC requests, and if it
does, *and* if the sender is one that has a DMARC policy, the From
field will have to get mangled, and if that screws up the recipient's
Yahoo or GMail contacts database, it will be up to that mail provider
to decide how to deal with it.

                                                - Ted

<Prev in Thread] Current Thread [Next in Thread>