Re: Enough DMARC whinging
Miles Fidelman <mfidelman@meetinghouse.net> Fri, 02 May 2014 12:51 UTC
Return-Path: <mfidelman@meetinghouse.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 237A61A081E for <ietf@ietfa.amsl.com>; Fri, 2 May 2014 05:51:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fV2aRp1qYeAO for <ietf@ietfa.amsl.com>; Fri, 2 May 2014 05:51:20 -0700 (PDT)
Received: from server1.neighborhoods.net (server1.neighborhoods.net [207.154.13.48]) by ietfa.amsl.com (Postfix) with ESMTP id 44C2F1A0764 for <ietf@ietf.org>; Fri, 2 May 2014 05:51:20 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by server1.neighborhoods.net (Postfix) with ESMTP id C126BCC0B7 for <ietf@ietf.org>; Fri, 2 May 2014 08:51:17 -0400 (EDT)
X-Virus-Scanned: by amavisd-new-2.6.2 (20081215) (Debian) at neighborhoods.net
Received: from server1.neighborhoods.net ([127.0.0.1]) by localhost (server1.neighborhoods.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id A1FXUgVF5sRa for <ietf@ietf.org>; Fri, 2 May 2014 08:51:08 -0400 (EDT)
Received: from new-host.home (pool-173-76-155-14.bstnma.fios.verizon.net [173.76.155.14]) by server1.neighborhoods.net (Postfix) with ESMTPSA id 2527BCC097 for <ietf@ietf.org>; Fri, 2 May 2014 08:51:03 -0400 (EDT)
Message-ID: <536394B6.5030805@meetinghouse.net>
Date: Fri, 02 May 2014 08:51:02 -0400
From: Miles Fidelman <mfidelman@meetinghouse.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:28.0) Gecko/20100101 Firefox/28.0 SeaMonkey/2.25
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: Enough DMARC whinging
References: <CAMm+Lwh0Sc2wtvjEAjOMi4emDzyF4JWmmzYr5QEFcmyoKtkTAA@mail.gmail.com> <CAA=duU0i1Ppc-nMeWL-ipms4E4b0wpsSRZdLG+2YhujPgH-ZPQ@mail.gmail.com> <CAMm+LwikJhO5R6UqWx8qUswMptgTw_wF6E6_9Ok=SRYTBChYgA@mail.gmail.com> <CAA=duU3scwm=j2BJ6jq4k5zRQPkXOVOR1UscQqZZ8tG5HEZTwQ@mail.gmail.com> <536113B1.5070309@bbiw.net> <CAMm+LwiXoW3p5uCmML4kAWXnbrrAnSCK9x5U2qeHJdVgR2r_Gg@mail.gmail.com> <536265CE.6090508@dcrocker.net> <53638BBB.5010702@tana.it>
In-Reply-To: <53638BBB.5010702@tana.it>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/81ZomVNwaOpDSxNeDcio-nt9OsY
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 May 2014 12:51:22 -0000
Alessandro Vesely wrote: > On Thu 01/May/2014 17:18:38 +0200 Dave Crocker wrote: >> On 5/1/2014 8:22 AM, Phillip Hallam-Baker wrote: >>> Spam filters should know about things as important as mailing list >>> subscriptions. > +1 > >> We have about 20 years of spam filtering experience in the industry. >> The quality of modern filters is astonishingly good; it's the only >> reason email remains viable for users, in spite of open-Internet spam >> traffic being far above 90%. >> >> I believe that little or none of that filtering includes awareness of >> mailing list subscriptions. So while the above is an interesting and >> possibly useful line of pursuit, it's not clear how it can be elevated >> to the status of 'should'. > It is certainly useful to simplify spam filtering. I think there > would be consensus on 'should'; not on 'must' because of privacy > considerations. > >> Note that historically, mailing list operators have been resistant to >> the imposition of technical or operational changes. Speaking for at least one mailing list operator, who knows a lot more: I've ALWAYS implemented quite a bit of controls over our lists - both authenticating users before allowing them to join lists, and implementing extensive spam filtering at both the MTA and list level. The list software we use (Sympa), likewise has multiple spam and virus filtering mechanisms, as well as hooks for linking with external mechanisms. I haven't worked with Mailman extensively, but it also has spam filtering mechanisms. Spam is as much, or more of a problem for list operators, as anyone else. What I object to is when someone foists a new mechanism down our throats - without any care for breaking things. Actually, you may have unintentionally phrased this accurately: I (and probably other list operators) are "resistant to the IMPOSITION of technical or operational changes." Working WITH us, might yield better effect. And there are at least two forms that could have taken: 1. Contribute support (labor/dollars) to write patches to the major email list packages, BEFORE turning on restrictive DMARC policies. (We are talking about large, well funded corporate entities who have invested dollars in developing and implementing DMARC for business reasons that presumably have signficant payback). 2. Designing and implementing mechanisms that mitigate the impact on mailing lists - for example, whitelists. 3. Actually developing something that plays nice with whitelists - as there is now some discussion about (XOAR, whitelists, ....). > I'm not clear what you mean. Is there a standard that defines mailing > lists? > There are some that approach it - like the SMTP extensions for list-related headers. I personally think mailing list functionality is well enough understood that we could improve on this, and incorporate some standard authentication mechanisms in the process. Personally, I think some kind of standard that allows for: - separate identification and signing/authentication of author, originating MTA, list/forwarder would go a long way (I think this would require additional headers and/or standardizing the use of existing headers a bit more tightly) - maybe an extra list header or two regarding reply-to (separate author, author-errors, list, list-errors) - a mechanism that allows a list to modify messages that doesn't break incoming signatures, say: --- separate "original-subject" "subject-with-tags""listname" headers --- a well-specified way to add a header and/or footer to a message (e.g., headers to indicate header-line-count, and footer-line-count) --- provisions for MIME --- i.e., a recipient can verify the original message and author, verify changes that have been made by a listprocessor, run some checks on the diffs, then make a decision on what to do with the message - maybe some best practices for mail client presentation of information to end users Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. .... Yogi Berra
- Enough DMARC whinging Phillip Hallam-Baker
- Re: Enough DMARC whinging Andrew G. Malis
- Re: Enough DMARC whinging Christian de Larrinaga
- Re: Enough DMARC whinging Phillip Hallam-Baker
- Re: Enough DMARC whinging Andrew G. Malis
- Re: Enough DMARC whinging Dave Crocker
- Re: Enough DMARC whinging Phillip Hallam-Baker
- Re: Enough DMARC whinging Mitch Rodrigues
- Re: Enough DMARC whinging Phillip Hallam-Baker
- Re: Enough DMARC whinging John C Klensin
- Re: Enough DMARC whinging Andrew G. Malis
- Re: Enough DMARC whinging Dave Crocker
- Re: Enough DMARC whinging John Levine
- Re: Enough DMARC whinging Phillip Hallam-Baker
- Re: Enough DMARC whinging Miles Fidelman
- Re: Enough DMARC whinging Jim Fenton
- Re: Enough DMARC whinging Dave Crocker
- Re: Enough DMARC whinging Hector Santos
- Commenting on/ reviewing Independent Submissions … John C Klensin
- Re: Enough DMARC whinging Miles Fidelman
- Re: Enough DMARC whinging Mark Andrews
- Re: Enough DMARC whinging Hector Santos
- Re: Enough DMARC whinging Doug Barton
- Re: Enough DMARC whinging Miles Fidelman
- Re: Enough DMARC whinging Alessandro Vesely
- Re: Enough DMARC whinging Miles Fidelman
- Re: Enough DMARC whinging t.p.
- Re: Enough DMARC whinging Miles Fidelman
- Re: Enough DMARC whinging Dave Crocker
- Re: Not Enough DMARC whinging John Levine
- Re: Enough DMARC whinging Miles Fidelman
- Re: Enough DMARC whinging Jim Fenton
- Re: Enough DMARC whinging Dave Crocker
- Re: Enough DMARC whinging Miles Fidelman
- Re: Enough DMARC whinging Murray S. Kucherawy
- Re: Enough DMARC whinging Murray S. Kucherawy
- Re: Enough DMARC whinging Andrew Sullivan
- Re: Enough DMARC whinging Dave Cridland
- Re: Enough DMARC whinging Dave Crocker
- Re: Enough DMARC whinging Dave Cridland
- Re: Enough DMARC whinging Murray S. Kucherawy
- Re: Enough DMARC whinging Murray S. Kucherawy
- Large market player S Moonesamy
- Re: Large market player Abdussalam Baryun