Re: DMARC methods in mailman --- [LEDE-DEV] DMARC related mass bounces / disabled subscriptions (fwd) Jo-Philipp Wich: [LEDE-DEV] DMARC related mass bounces / disabled subscriptions

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 19 December 2016 02:19 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E26F7129666 for <ietf@ietfa.amsl.com>; Sun, 18 Dec 2016 18:19:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.001
X-Spam-Level:
X-Spam-Status: No, score=-5.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Tdx55RB23Yy for <ietf@ietfa.amsl.com>; Sun, 18 Dec 2016 18:19:08 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9143D1294BE for <ietf@ietf.org>; Sun, 18 Dec 2016 18:19:08 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 26DD2200A3; Sun, 18 Dec 2016 21:37:14 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id ABC0363768; Sun, 18 Dec 2016 21:19:07 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: DMARC methods in mailman --- [LEDE-DEV] DMARC related mass bounces / disabled subscriptions (fwd) Jo-Philipp Wich: [LEDE-DEV] DMARC related mass bounces / disabled subscriptions
In-Reply-To: <fe75a2a0-6127-d29a-8259-a82ddbbc966f@gmail.com>
References: <25431.1481725548@obiwan.sandelman.ca> <5EF6F271-1CF7-4981-8E83-C7A7B49DB8F2@gmail.com> <CDE8A76C-ECD7-4370-9823-3C78144A8850@nohats.ca> <24005.1481827604@obiwan.sandelman.ca> <alpine.LRH.2.20.1612151513060.15183@bofh.nohats.ca> <20161216202704.glz5vgu773gqqgvm@thunk.org> <20161216203905.GD13486@mournblade.imrryr.org> <01Q8KHVOKE2C011H9Q@mauve.mrochek.com> <m21sx6u8sb.wl-randy@psg.com> <6D2E8F8E-1B02-46EA-B202-D23E5385CFF5@gmail.com> <20161217151451.hx5co6mjqmi2jakg@thunk.org> <13749.1482005985@dooku.sandelman.ca> <fe75a2a0-6127-d29a-8259-a82ddbbc966f@gmail.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sun, 18 Dec 2016 21:19:07 -0500
Message-ID: <15836.1482113947@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/C5GOgodreloNnJ4mJNbW-xOZ8_I>
Cc: IETF discussion list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Dec 2016 02:19:10 -0000

Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
    >> > Yeah, it's the "sometimes mail gets lost" problem which is the main
    >> > issue.  So it might actually be better to have the mailing list
    >> > software refuse to accept a mailing list posting from a domain with a
    >> > DMARC record, and it can be bounced back to the sender immediately
    >> > with a "sorry, try again using some e-mail address that does not have
    >> > DMARC support".
    >>
    >> I really think that this is the right answer for our community.

    > I don't. Accept the posting but also send a friendly warning seems to do less damage.

    >> The DMARC policy is not to forward, and we should respect it.

    > Why does DMARC, which is a broken solution, deserve that much respect?

rfc7489 is Informational, via ISE. Not WG or IETF consensus, it's true.
Perhaps the IESG should have blocked it, saying it was a run-around, I don't
know.  Lots of people said it had these problems.

The problem is that it has fundamentally changed how SMTP works (including
SPF and DKIM as part of that "suite"), and it isn't even standards track!

But, if we don't want to process it, then we need to do that in a way that
does not cause people to be kicked off the mailing list.

    >> When ARC gets standardized, we should implement it.

    > Assuming it solves the problem, sure. But if it doesn't, the problem will
    > get much worse.

I have no idea if it will work, but at least, if we were respecting DMARC,
then the large providers would have some incentive (if small) to make sure
ARC will work, and will get implemented.

--
Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-