ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DMARC methods in mailman --- [LEDE-DEV] DMARC related mass bounces / disabled subscriptions (fwd) Jo-Philipp Wich: [LEDE-DEV] DMARC related mass bounces / disabled subscriptions

2016-12-19 02:12:47
from [Harald Alvestrand] [Permanent Link] 
On 12/19/2016 03:19 AM, Michael Richardson wrote:

Brian E Carpenter <brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com> wrote:
    >> > Yeah, it's the "sometimes mail gets lost" problem which is the main
    >> > issue.  So it might actually be better to have the mailing list
    >> > software refuse to accept a mailing list posting from a domain with a
    >> > DMARC record, and it can be bounced back to the sender immediately
    >> > with a "sorry, try again using some e-mail address that does not have
    >> > DMARC support".
    >>
    >> I really think that this is the right answer for our community.

    > I don't. Accept the posting but also send a friendly warning seems to 
do less damage.

    >> The DMARC policy is not to forward, and we should respect it.

    > Why does DMARC, which is a broken solution, deserve that much respect?

rfc7489 is Informational, via ISE. Not WG or IETF consensus, it's true.
Perhaps the IESG should have blocked it, saying it was a run-around, I don't
know.  Lots of people said it had these problems.

The problem is that it has fundamentally changed how SMTP works (including
SPF and DKIM as part of that "suite"), and it isn't even standards track!

But, if we don't want to process it, then we need to do that in a way that
does not cause people to be kicked off the mailing list.


The ISE mechanism exists to get things published that matter to the
Internet.
It was clear at the time DMARC was published that it would be used
whether it was published as an RFC or not. Publishing the document at
least gave us a stable reference to be angry at.

It would actually be harder to publish a document saying "DMARC is bad,
don't use it, use that other thing instead" if there was no stable
reference for what we mean by DMARC.

I'd describe the so-far inaction more as "shut your eyes and hope it
will go away when others figure out that the solution is bad" than as
"sitting on the fence". Didn't work any better, though.



    >> When ARC gets standardized, we should implement it.

    > Assuming it solves the problem, sure. But if it doesn't, the problem 
will
    > get much worse.

I have no idea if it will work, but at least, if we were respecting DMARC,
then the large providers would have some incentive (if small) to make sure
ARC will work, and will get implemented.

--
Michael Richardson <mcr+IETF(_at_)sandelman(_dot_)ca>, Sandelman Software 
Works
 -= IPv6 IoT consulting =-






-- 
Surveillance is pervasive. Go Dark.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DMARC methods in mailman --- [LEDE-DEV] DMARC related mass bounces / disabled subscriptions (fwd) Jo-Philipp Wich: [LEDE-DEV] DMARC related mass bounces / disabled subscriptions, Viktor Dukhovni
Next by Date:  RE: Review of draft-ietf-manet-olsrv2-sec-threats-03, Dearlove, Christopher (UK)
Previous by Thread:  Re: DMARC methods in mailman --- [LEDE-DEV] DMARC related mass bounces / disabled subscriptions (fwd) Jo-Philipp Wich: [LEDE-DEV] DMARC related mass bounces / disabled subscriptions, Michael Richardson
Next by Thread:  Re: DMARC methods in mailman, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]