Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
Hector Santos <hsantos@isdg.net> Sat, 12 April 2014 22:09 UTC
Return-Path: <hsantos@isdg.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD9061A0250 for <ietf@ietfa.amsl.com>; Sat, 12 Apr 2014 15:09:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.503
X-Spam-Level:
X-Spam-Status: No, score=-99.503 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_16=0.6, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XLvdZvhELGH8 for <ietf@ietfa.amsl.com>; Sat, 12 Apr 2014 15:09:52 -0700 (PDT)
Received: from mail.catinthebox.net (mail.catinthebox.net [208.247.131.9]) by ietfa.amsl.com (Postfix) with ESMTP id BDEAB1A01DF for <ietf@ietf.org>; Sat, 12 Apr 2014 15:09:51 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=4499; t=1397340579; h=Received:Received: Received:Received:Message-ID:Date:From:Organization:To:Subject: List-ID; bh=HqJV14LX5nKt01RytM8n8j1IGkY=; b=v1sdAIgte5gKphVP4Fqw oX0dBHNsNwqG1kITKPKtpuGsVyoABXGVMp02X5xiV6X62LKHbSpx6TuplfJyPdJ7 oKqmh6mcRTZqYEs/IEXHZB233jeWLtcfkHPc7JHhgnOxE/5RBhFp1Y6NbY17fsGF mVWZucgQwZW/jWIkJB7umxY=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.4) for ietf@ietf.org; Sat, 12 Apr 2014 18:09:39 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com (hector.wildcatblog.com [208.247.131.23]) by winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 449158531.9010.3196; Sat, 12 Apr 2014 18:09:38 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=4499; t=1397340519; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=SreszKX LgD2nqyw3DGymZcKI2F+K12Waf7Jvv0tYhqE=; b=vbz5CJ6dafMQmrv13aH5ppY MMPtM3ZDRGbxFJGc8+3m14tKb2MR/lySBw+//TwiMFfklfD1OMAZVxQ0d2dRJVLk b7X+OAvG7j3gFIgMkb36teQvx6VwQ4RHRT4YpOqokfv6zM9qb91kuHTrYlIpLnsu S1XhTMXrCZ26357UDsz0=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.4) for ietf@ietf.org; Sat, 12 Apr 2014 18:08:39 -0400
Received: from [192.168.1.2] ([99.121.4.27]) by beta.winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 468694625.9.5520; Sat, 12 Apr 2014 18:08:37 -0400
Message-ID: <5349B9A8.2090900@isdg.net>
Date: Sat, 12 Apr 2014 18:09:44 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Miles Fidelman <mfidelman@meetinghouse.net>, ietf@ietf.org
Subject: Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
References: <53499A5E.9020805@meetinghouse.net>
In-Reply-To: <53499A5E.9020805@meetinghouse.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/1YxeLf30r449aj_0416PeinjkDg
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Apr 2014 22:09:55 -0000
Miles, Bravo to you for being brave!! +100 on everything you said!! -- HLS n 4/12/2014 3:56 PM, Miles Fidelman wrote: > Folks, > > We (really I) support perhaps 2 dozen small email lists, for a bunch > of community groups (PTOs, churches, neighborhood groups) - mostly the > legacy of previously running a small hosting firm, and still having > the machines sitting in a data center. The kinds of groups with lots > of non-technical users who have email accounts on Yahoo, hotmail, AOL, > Comcast, and such. The lists range in size from tiny (5 person boards > of directors) to maybe 1000 (high school parents). > > Yahoo's implementation of it's new DMARC policy has been an absolute > disaster. Kind of messes things up when a few days before tax filings > are due, and in parallel with the Heartbleed mess, (not to mention the > work that pays the bills), roughly 1/3 of the addresses on almost all > of the lists start bouncing mail from yahoo addresses - particularly > when yahoo's postmaster didn't have a clue what was going on (my > initial thought was - oh heck, need to get back on their whitelist). > Luckily gmail seems not to be honoring the Yahoo's p=reject policy, at > least so far, or things would be a LOT worse. > > Still trying to figure out a reasonable fix for this, as it looks like > lots of other listmasters are trying to do - and doesn't help that I'm > running a less common list package (sympa). > > Anyway - one of my reactions to this is that something is really > broken about the process by which DMARC and Yahoo's policy have been > foisted on the larger Internet community - and in particular IETF's > role or lack thereof. Specifically: > > - DMARC is an ad-hoc group that assembled with a "common goal was to > develop an operational specification to be introduced to the IETF for > standardization" > (http://dmarc.org/about.html) > > - DMARC.org defines the "DMARC Base Specification" with a link to > https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/ - an IETF > document > > - the referenced document is an informational Internet draft, that > expires in October of this year, that starts with "This memo presents > a proposal for a scalable mechanism by which a mail sending > organization can express,. > > - It's also being presented as mature - through such publicity > statements as "DMARC standard now protects almost two-thirds of the > world's 3.3 billion consumer mailboxes worldwide" > (http://dmarc.org/news/press_release_20140218.html) > > In essence, DMARC is being represented as a mature, standards-track > IETF specification - with the implication that it's been widely > vetted, and is marching through the traditional experimental -> > optional -> recommended -> mandatory steps that IETF standards go > through. > > In reality: > - DMARC was developed by a tiny number of people, all of whom work for > very large ISPs > - as far as I can tell, all input from the broader community - notably > mailing list developers and operators was roundly ignored or dismissed > (the transcript is really clear on this) > - while DMARC is at least partially tested, deploying and honoring > "p=reject" messages is brand new, and has wreaked tremendous damage > across the net > - as far as I can tell, those who are behind DMARC are taking the > position "it's not our problem" (see discussions on > dmarc-discuss@dmarc.org and dmarc@ietf.org) - and there is nary a > Yahoo representative to be seen anywhere > > From an operational perspective, this is akin to a large player > publishing a corrupt nameserver database or routing update - and then > actively resting attempts to clean up the mess (which, in effect is > what Yahoo did by updating their DMARC record to p=reject). > > The situation strikes me as incredibly perverse and broken - the more > so that the perpetrators are presenting this as blessed by the IETF > standards process. > > It strikes me that IETF should weigh in on this in a formal fashion - > if only to make it very clear that IETF is not responsible for this > debacle, and perhaps to exert some moral influence on the perpetrators > to back off and help clean up the mess they've created. > > On a broader scope - this sort of points out a really big hole in our > consensus governance process - when one bad actor can inflict damage > across the entire Internet, apparently, with impunity. > > Miles Fidelman
- DMARC from the perspective of the listadmin of a … Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Michael Richardson
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Mark Andrews
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Andrew G. Malis
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… John Levine
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re[2]: DMARC and yahoo mohammed serrhini
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC and yahoo Doug Royer
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Warren Kumari
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- RE: DMARC from the perspective of the listadmin o… MH Michael Hammer (5304)
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC and yahoo Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Rolf E. Sonneveld
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Dave Cridland
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- What I've been wondering about the DMARC problem Brian E Carpenter
- Re: What I've been wondering about the DMARC prob… Doug Barton
- Re: DMARC and yahoo Doug Royer
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Ted Lemon
- Re: What I've been wondering about the DMARC prob… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Scott Kitterman
- Re: DMARC and yahoo Theodore Ts'o
- What I've been wondering about the DMARC problem Abdussalam Baryun
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Sabahattin Gucukoglu
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- RE: What I've been wondering about the DMARC prob… l.wood
- Re: DMARC and yahoo Douglas Otis
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- Re: What I've been wondering about the DMARC prob… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Paul Ferguson
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Hector Santos
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- RE: What I've been wondering about the DMARC prob… MH Michael Hammer (5304)
- Re: What I've been wondering about the DMARC prob… Hector Santos
- RE: What I've been wondering about the DMARC prob… MH Michael Hammer (5304)
- Re: What I've been wondering about the DMARC prob… Brian E Carpenter
- Re: DMARC and yahoo Doug Royer
- Re: DMARC and yahoo Theodore Ts'o
- Re: DMARC and yahoo Michael Richardson
- Re: DMARC and yahoo Theodore Ts'o
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- Re: DMARC and yahoo Stephen Farrell
- Re: DMARC and yahoo Hector Santos
- Re: DMARC and yahoo Randy Bush
- Re: DMARC and yahoo Yoav Nir
- RE: DMARC and yahoo MH Michael Hammer (5304)
- Re: DMARC and yahoo Theodore Ts'o
- RE: DMARC and yahoo MH Michael Hammer (5304)
- Re: What I've been wondering about the DMARC prob… Jim Fenton
- Re: What I've been wondering about the DMARC prob… Brian E Carpenter
- Re: DMARC and yahoo Miles Fidelman
- RE: DMARC and yahoo l.wood
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… John C Klensin
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: What I've been wondering about the DMARC prob… Brian E Carpenter
- Re: What I've been wondering about the DMARC prob… Theodore Ts'o
- Re: What I've been wondering about the DMARC prob… John Levine
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… John Levine
- Re: What I've been wondering about the DMARC prob… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- RE: DMARC from the perspective of the listadmin o… MH Michael Hammer (5304)
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- RE: DMARC from the perspective of the listadmin o… MH Michael Hammer (5304)
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Randy Bush
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… John C Klensin
- Re: What I've been wondering about the DMARC prob… ned+ietf
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… John C Klensin
- Re: DMARC from the perspective of the listadmin o… Pete Resnick
- Re: DMARC and yahoo Jeffrey Altman
- Re: DMARC and yahoo John Levine
- Re: DMARC and yahoo Hector Santos
- Re: DMARC and yahoo John C Klensin
- Re: DMARC and yahoo Brian E Carpenter
- One size doesn't fit all [Re: DMARC ....] Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Somebody always claims something (was Re: DMARC f… Dave Crocker
- Re: DMARC and yahoo Doug Barton
- Re: DMARC and yahoo Hector Santos
- Re: DMARC and yahoo Theodore Ts'o
- RE: DMARC and yahoo Christian Huitema
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC and yahoo Yoav Nir
- Re: DMARC and yahoo John Levine
- Re: DMARC and yahoo Dave Crocker
- Re: What I've been wondering about the DMARC prob… Murray S. Kucherawy
- Re: DMARC and yahoo Doug Royer
- Re: What I've been wondering about the DMARC prob… ned+ietf
- Re: DMARC and yahoo Dave Crocker
- Re: DMARC and yahoo Douglas Otis
- Re: What I've been wondering about the DMARC prob… John Levine
- Re: DMARC and yahoo Brian E Carpenter
- Re: What I've been wondering about the DMARC prob… Murray S. Kucherawy
- Re: DMARC and yahoo Rolf E. Sonneveld
- Re: What I've been wondering about the DMARC prob… ned+ietf
- Re: DMARC and yahoo Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Scott Kitterman
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Scott Kitterman
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… John R Levine
- Re: DMARC from the perspective of the listadmin o… Ted Lemon
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- The IETF environment (was: Re: DMARC from the per… ned+ietf
- Re: The IETF environment Dave Crocker
- RE: The IETF environment Adrian Farrel
- Re: The IETF environment Miles Fidelman
- Re: The IETF environment Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: The IETF environment Abdussalam Baryun
- Re: The IETF environment Dale R. Worley
- Re: The IETF environment Brian E Carpenter
- Re: The IETF environment Dave Crocker
- Re: The IETF environment Phillip Hallam-Baker
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: The IETF environment S Moonesamy
- Re: The IETF environment Dave Crocker
- Re: The IETF environment Miles Fidelman
- RE: The IETF environment Christian Huitema
- Re: The IETF environment S Moonesamy
- Re: The IETF environment Miles Fidelman
- Workshop effects [Re: The IETF environment] Brian E Carpenter
- Re: Workshop effects [Re: The IETF environment] Abdussalam Baryun