Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

Miles Fidelman <> Mon, 14 April 2014 15:36 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 6CA3D1A02CF for <>; Mon, 14 Apr 2014 08:36:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.819
X-Spam-Level: *
X-Spam-Status: No, score=1.819 tagged_above=-999 required=5 tests=[BAYES_50=0.8, MISSING_HEADERS=1.021, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6eysx5Qs0hHr for <>; Mon, 14 Apr 2014 08:36:36 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 7FE591A04A6 for <>; Mon, 14 Apr 2014 08:36:36 -0700 (PDT)
Received: from localhost (localhost.localdomain []) by (Postfix) with ESMTP id A48E0CC0BB for <>; Mon, 14 Apr 2014 11:36:33 -0400 (EDT)
X-Virus-Scanned: by amavisd-new-2.6.2 (20081215) (Debian) at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with LMTP id 3gHSZSM+3ZMm for <>; Mon, 14 Apr 2014 11:36:25 -0400 (EDT)
Received: from new-host.home ( []) by (Postfix) with ESMTPSA id C64BECC0B9 for <>; Mon, 14 Apr 2014 11:36:24 -0400 (EDT)
Message-ID: <>
Date: Mon, 14 Apr 2014 11:36:24 -0400
From: Miles Fidelman <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:28.0) Gecko/20100101 Firefox/28.0 SeaMonkey/2.25
MIME-Version: 1.0
CC: IETF Discussion <>
Subject: Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
References: <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 14 Apr 2014 15:36:39 -0000

Dick Franks wrote:
> On 13 April 2014 00:35, < 
> <>> wrote:
> [snip]
>     The real question we should be discussing is what options the IETF
>     has to try
>     and address this.
> IETF has already adequately addressed this issue by its insistence on 
> inclusion of this statement in the document preamble:
>    It is inappropriate to use Internet-Drafts as reference
>    material or to cite them other than as "work in progress."
> An implementation based on I-D reference material is therefore no better than "work in progress".
> The blame for this debacle lies squarely with Yahoo, and its inadequate engineering change management.

That's all in the fine print.  The folks behind DMARC are representing 
DMARC as both IETF standards-track - both implicitly (by pointing to a 
"specification" published as an IETF document) and explicitly (multiple 
statements along the lines of "intended as... " and "intend to submit), 
and as mature.  Yahoo is using that to justify it's actions ("Today, 80% 
of US email user accounts and over 2B accounts globally can be protected 
by the DMARC standard.")

By no sense of the imagination is DMARC a "standard" (or even much of a 
specification) - IETF or otherwise - much less a mature one.

To my mind, IETF's inaction, and silence is both morally wrong, and 
carries a longer term risk:

- as the Internet standards body, IETF and its participant have a 
professional and moral responsibility to speak for "what is an Internet 
standard," as well as what constitutes responsible implementation, 
deployment, and operation of Internet protocols -- not just leave it in 
the fine print

- IETF, to a large degree, dropped the ball on a "standard," that for 
some period of time was worked on under the aegis of an IETF WG

- allowing someone to represent something as an IETF standard carries a 
risk to IETF's standing, effectiveness, and credibility as the 
Internet's standards body (ISO tends to get very upset if someone claims 
to be ISO9000 certified, but isn't; Xerox sends lawyers after 
competitors who refer to their copiers as "xerox machines")

 From an operational perspective, concerned with the stability and 
reliability of the Internet infrastructure, this kind of thing really 
scares me - particularly in the larger context of current discussions 
over changes to Internet governance.  This strikes me as a very clear 
cut example where our voluntary, cooperative model for doing things is 
failing very badly -- in large part because none of our institutions of 
self-governance are stepping up to the plate.  ("We wrote a disclaimer 
in the fine print" is not stepping up to the plate.)

Miles Fidelman

In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra