Re: Yahoo breaks every mailing list in the world including the IETF's

Eric Dynamic <> Mon, 19 May 2014 05:47 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 31D1A1A02EE for <>; Sun, 18 May 2014 22:47:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.429
X-Spam-Status: No, score=-1.429 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Rv2ZzFWtp4V1 for <>; Sun, 18 May 2014 22:47:52 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A317C1A02BD for <>; Sun, 18 May 2014 22:47:52 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.14.7/8.14.7) with ESMTP id s4J5kJqS088629 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 18 May 2014 22:46:23 -0700 (PDT)
Message-ID: <>
Date: Sun, 18 May 2014 22:30:44 -0700
From: Eric Dynamic <>
User-Agent: Thunderbird (X11/20100623)
MIME-Version: 1.0
To: S Moonesamy <>
Subject: Re: Yahoo breaks every mailing list in the world including the IETF's
References: <> <> <> <>
In-Reply-To: <>
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-UCTC: processed through sdmilter
Cc: Phillip Hallam-Baker <>,
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 19 May 2014 05:47:54 -0000

Meanwhile I notice that hundreds of IT professionals spin their wheels over
standards and practices for dealing with spam, which is otherwise preventable,
namely, let's cut the crap and go to first casuses: why there is spam/crime to
the extent that there is: bad software running user PCs worldwide.

Get rid of Microsoft software connected to the Internet and the worldwide
"bot-net" problem will go away in a few months, as the criminal bots are
tracked down and eliminated but NOT replaced.

Do not even begin to bother the issue of whether Unix/Linux can or cannot be
invaded/compromised. Yes, it can, but to at most four orders of magnitude a
lesser extent. Microsoft's mean time to the next exploit is 15 days (two weeks.)
Unix's mean time to the next exploit is 2700 days (7.5 years.)
Microsoft users are just recovering from any given virus when the next one hits.

There is just no excuse to keep using such awful software and then have to
pretend that all the extra attendant nonsense ("anti-spamscience") is meaningful
and necessary. I suggest we worldwide quit wasting man-hours and intelligence
doing scutwork on an arms-race basis to keep Bill Gates's company looking
at best adequate. The spam is their fault and they can't fix the reasons why.

So put their code in the garbage where it belongs and retire Microsoft into
the Dustbin of History where it belonged 20 years ago.

This will free an enormous amount of now-wasted manpower to start doing more
useful things. This would also greatly benefit the economy and the development
of new PC technology, by the way, without regard to spam/crime.


S Moonesamy wrote:
Hi Phillip,
At 10:04 17-05-2014, Phillip Hallam-Baker wrote:
Yet more special pleading.


A legitimate argument against DMARC would be 'Here is a research study
based on empirical evidence that shows DMARC does not help'', it might
not be persuasive but it would be a valid argument to have. I am


I find the arguments that IETF should ignore the impact of DMARC
unpersuasive. We have changed email repeatedly in response to non
standards compliant actions taken by the spam senders. So there is a
precedent for responding to malicious actions, why would we treat
non-malicious actions differently?

The significant change I can think of is the MSA/MTA split.  That was in 1998.  There is a specification violation in response to a DMARC policy as implementers do have to decide whether to provide a fix or ignore the issue.  There are also operational issues, e.g." rel="nofollow">  Should the IETF ignore the impact of all this?  Frankly, I don't know.  It is a significant amount of work to assess how much of a problem this is.

S. Moonesamy