Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
Douglas Otis <doug.mtview@gmail.com> Thu, 17 April 2014 07:08 UTC
Return-Path: <doug.mtview@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77BF01A0464 for <ietf@ietfa.amsl.com>; Thu, 17 Apr 2014 00:08:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OxAJhJo1B6DC for <ietf@ietfa.amsl.com>; Thu, 17 Apr 2014 00:08:14 -0700 (PDT)
Received: from mail-pb0-x22d.google.com (mail-pb0-x22d.google.com [IPv6:2607:f8b0:400e:c01::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 088451A0083 for <ietf@ietf.org>; Thu, 17 Apr 2014 00:08:13 -0700 (PDT)
Received: by mail-pb0-f45.google.com with SMTP id uo5so57940pbc.4 for <ietf@ietf.org>; Thu, 17 Apr 2014 00:08:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8keqasVNCv9owhQD/cc8GQgfQxW0TmjCkccBUsGJlME=; b=yn2v3230l4Vot/U6c2l73TLF9+728dgwU4aTx8+A3qsaJctp1KMuwLN2pZi2zSsl2+ BQ7fJOdmUKNO9gNJCJbAyt71YJAlmXaS7fKt5qpo4ZNMj9ocQp5lGDLDgBumPC2mdR6d TMojxjEzuYWcpqFA0FqMgJZxuhSJcoRC5AQubqJAYDvP+QXI6a+mzo7K3HOSLA7zOYpl 4W82sgg/daWz96UAeJihJRDRfq1JAPMIvM1ET3CwUs47k7hl2qTYE8RWhBGMR/tVSj/l ttIUraC/tA7gpYs1m3f0buWaAbH6mG/mhWCN6bW+G16Pj4g5t3L4n/dLiN/iLm+eMvmB t3Gw==
X-Received: by 10.66.180.34 with SMTP id dl2mr13746865pac.124.1397718490630; Thu, 17 Apr 2014 00:08:10 -0700 (PDT)
Received: from ?IPv6:2601:9:7680:203:c911:e11e:917b:b094? ([2601:9:7680:203:c911:e11e:917b:b094]) by mx.google.com with ESMTPSA id vg1sm51438523pbc.44.2014.04.17.00.08.08 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 17 Apr 2014 00:08:09 -0700 (PDT)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
Subject: Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <01P6QCMYYMJ000004W@mauve.mrochek.com>
Date: Thu, 17 Apr 2014 00:08:08 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <833BDCD2-1157-4914-B385-C300AF33E2D4@gmail.com>
References: <53499A5E.9020805@meetinghouse.net> <5349A261.9040500@dcrocker.net> <5349AE35.2000908@meetinghouse.net> <5349BCDA.7080701@gmail.com> <01P6L9JZF5SC00004W@mauve.mrochek.com> <CAL0qLwZr=wVX6eD+yGVOaxkSy5fJbuAErTshOG+2BywUvkDfAA@mail.gmail.com> <01P6QCMYYMJ000004W@mauve.mrochek.com>
To: ned+ietf@mauve.mrochek.com
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/CsRuzKj_bkSgGr-YED6jJgCJnCU
Cc: ietf <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Apr 2014 07:08:19 -0000
On Apr 16, 2014, at 11:00 PM, ned+ietf@mauve.mrochek.com wrote: >> On Sat, Apr 12, 2014 at 4:35 PM, <ned+ietf@mauve.mrochek.com> wrote: > >>> The underlying technical issue is that the two technologies DMARC is built >>> on - >>> DKIM and SPF - both attach additional/restrictive semantics to >>> longstanding mail >>> system fields. (Broadly speaking, From: for DKIM and MAIL FROM for SPF.) >>> > >> Something's amiss here. What new semantics does DKIM attach to From:? As >> far as I know, it only requires that the field be signed. It doesn't >> require that it be interpreted in a particular way or that it contain any >> particular value. > > I was trying to be brief. Yes, I'm well aware that DKIM can be used in other > ways. This entire discussion is within the context of DMARC here. Do you > disagree that DMARC's use of DKIM and SPF assign additional semantics to header > and envelope from fields respectively? Dear Ned, Murray is correct. DKIM does not create special From header field semantics. However, DMARC semantics are similar to those of ADSP while avoiding some shortcomings. >>> Like it or not, the IETF published a draft that defines certain mechanisms >>> which, if used improperly by a large provider, cause serious problems for a >>> large number of people. The text describing the consequences of the use of >>> those mechansisms in the drafts is, IMO, entirely inadequate. >>> > >> It's the same document that was posted on other web sites for some time, >> and was in use by a number of operators (including Yahoo) long before it >> went into the datatracker. > > So? > >> As it's only a draft, there's ample opportunity to make such improvements. > > You're missing the point. When Yahoo made this change wouldn't it have been > nice to be able to point to the draft and say, "This is explicitly contrary > to what the draft says"? Agreed. >> Also: By "the IETF published a draft", are you talking about an RFC, or the >> DMARC base draft? > > The draft, of course. > >> It seems extreme to lay blame on the IETF in general >> merely for having an open mechanism by which to post a draft for all to see >> and discuss. A "Request For Comment", as it were. > > You may think it extreme. I don't. I think the IETF's politics have led to it > inching closer to moral hazard territory for a long time, and with this > incident it has stepped in it. This disruption should be shared with the provider that has already enumerated 30,000 mailing-lists but made no effort to establish a means to verify these sources and to safely assert specific exceptions to DMARC alignment requirements. This ability is desperately needed before applying DMARC reject on user accounts. I'll be happy to modify either ATP or ATPS to permit these exceptions without the need to alter mailing-list. >> Are you suggesting that >> process should be closed or moderated somehow? > > What I suggested is that we need to have a serious discussion of what, if > anything can be done to ameliorate the damage in this case. Others have > suggested that we also need to look at how to prevent this from happening > in the future. I concur. > >>> And it's not like we didn't know. As others have pointed out, this issue >>> existed in the earlier ADSP proposal. It was given insufficient attention >>> there as well. > >> As with any draft, its content is only as good as its contributions and the >> reviews it got. > > I hope you're not saying that this is now fault of the people who failed to > contribute to the draft. These comments were made more than one year ago and ignored. >>> Of course the IETF can fall back on the usual excuses, including, but not >>> limited to: >>> >>> Yahoo, of all ISPs, should have known better >>> We don't tell people what to do >>> It was just a draft >>> It was never intended to be a standard >>> We're not the Internet Protocol Police >>> etc. >>> >>> I'm sorry, but this time none of these dogs are hunting for me. An >>> attractive >>> nuisance is an attractive nuisance, and this is what the IETF has, albeit >>> with >>> the best of intentions, managed to create. >>> > >> I would add to this that, by its ultimate inaction in the face of a >> protracted period of abuse and attempts by participants to solve that >> problem within its procedures, the IETF has abdicated any authority it may >> have had. > > That may be your assessment. Given subsequent comments from other people, mine > is now that this effort was looking for a rubber stamp, didn't like it when > that didn't happen, and proceeded to skirt around the edges of the process. > > With disasterous results. Agreed. They seemed motivated into creating a system finely tuned for bulk senders while ignoring needs of individual users. After all, bulk mailers contribute to their bottom line, but they may find users voting with their feet which may have the effect of reducing ad revenues due to fewer eyeballs. Regards, Douglas Otis
- DMARC from the perspective of the listadmin of a … Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Michael Richardson
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Mark Andrews
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Andrew G. Malis
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… John Levine
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re[2]: DMARC and yahoo mohammed serrhini
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC and yahoo Doug Royer
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Warren Kumari
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- RE: DMARC from the perspective of the listadmin o… MH Michael Hammer (5304)
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC and yahoo Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- Re: DMARC from the perspective of the listadmin o… Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Rolf E. Sonneveld
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Dave Cridland
- Re: DMARC from the perspective of the listadmin o… Dick Franks
- What I've been wondering about the DMARC problem Brian E Carpenter
- Re: What I've been wondering about the DMARC prob… Doug Barton
- Re: DMARC and yahoo Doug Royer
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Ted Lemon
- Re: What I've been wondering about the DMARC prob… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Scott Kitterman
- Re: DMARC and yahoo Theodore Ts'o
- What I've been wondering about the DMARC problem Abdussalam Baryun
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Sabahattin Gucukoglu
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- RE: What I've been wondering about the DMARC prob… l.wood
- Re: DMARC and yahoo Douglas Otis
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- Re: What I've been wondering about the DMARC prob… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Seth Johnson
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Paul Ferguson
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Hector Santos
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- RE: What I've been wondering about the DMARC prob… MH Michael Hammer (5304)
- Re: What I've been wondering about the DMARC prob… Hector Santos
- RE: What I've been wondering about the DMARC prob… MH Michael Hammer (5304)
- Re: What I've been wondering about the DMARC prob… Brian E Carpenter
- Re: DMARC and yahoo Doug Royer
- Re: DMARC and yahoo Theodore Ts'o
- Re: DMARC and yahoo Michael Richardson
- Re: DMARC and yahoo Theodore Ts'o
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- Re: DMARC and yahoo Stephen Farrell
- Re: DMARC and yahoo Hector Santos
- Re: DMARC and yahoo Randy Bush
- Re: DMARC and yahoo Yoav Nir
- RE: DMARC and yahoo MH Michael Hammer (5304)
- Re: DMARC and yahoo Theodore Ts'o
- RE: DMARC and yahoo MH Michael Hammer (5304)
- Re: What I've been wondering about the DMARC prob… Jim Fenton
- Re: What I've been wondering about the DMARC prob… Brian E Carpenter
- Re: DMARC and yahoo Miles Fidelman
- RE: DMARC and yahoo l.wood
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… John C Klensin
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: What I've been wondering about the DMARC prob… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: What I've been wondering about the DMARC prob… Brian E Carpenter
- Re: What I've been wondering about the DMARC prob… Theodore Ts'o
- Re: What I've been wondering about the DMARC prob… John Levine
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… John Levine
- Re: What I've been wondering about the DMARC prob… Murray S. Kucherawy
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- Re: What I've been wondering about the DMARC prob… Sabahattin Gucukoglu
- RE: DMARC from the perspective of the listadmin o… MH Michael Hammer (5304)
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- RE: DMARC from the perspective of the listadmin o… MH Michael Hammer (5304)
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… Theodore Ts'o
- Re: DMARC from the perspective of the listadmin o… Randy Bush
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… John C Klensin
- Re: What I've been wondering about the DMARC prob… ned+ietf
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: DMARC from the perspective of the listadmin o… John C Klensin
- Re: DMARC from the perspective of the listadmin o… Pete Resnick
- Re: DMARC and yahoo Jeffrey Altman
- Re: DMARC and yahoo John Levine
- Re: DMARC and yahoo Hector Santos
- Re: DMARC and yahoo John C Klensin
- Re: DMARC and yahoo Brian E Carpenter
- One size doesn't fit all [Re: DMARC ....] Brian E Carpenter
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Somebody always claims something (was Re: DMARC f… Dave Crocker
- Re: DMARC and yahoo Doug Barton
- Re: DMARC and yahoo Hector Santos
- Re: DMARC and yahoo Theodore Ts'o
- RE: DMARC and yahoo Christian Huitema
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC and yahoo Yoav Nir
- Re: DMARC and yahoo John Levine
- Re: DMARC and yahoo Dave Crocker
- Re: What I've been wondering about the DMARC prob… Murray S. Kucherawy
- Re: DMARC and yahoo Doug Royer
- Re: What I've been wondering about the DMARC prob… ned+ietf
- Re: DMARC and yahoo Dave Crocker
- Re: DMARC and yahoo Douglas Otis
- Re: What I've been wondering about the DMARC prob… John Levine
- Re: DMARC and yahoo Brian E Carpenter
- Re: What I've been wondering about the DMARC prob… Murray S. Kucherawy
- Re: DMARC and yahoo Rolf E. Sonneveld
- Re: What I've been wondering about the DMARC prob… ned+ietf
- Re: DMARC and yahoo Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Doug Barton
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Scott Kitterman
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Scott Kitterman
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… John R Levine
- Re: DMARC from the perspective of the listadmin o… Ted Lemon
- Re: DMARC from the perspective of the listadmin o… ned+ietf
- Re: DMARC from the perspective of the listadmin o… Dave Crocker
- Re: DMARC from the perspective of the listadmin o… Martin Rex
- Re: DMARC from the perspective of the listadmin o… Douglas Otis
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- The IETF environment (was: Re: DMARC from the per… ned+ietf
- Re: The IETF environment Dave Crocker
- RE: The IETF environment Adrian Farrel
- Re: The IETF environment Miles Fidelman
- Re: The IETF environment Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Miles Fidelman
- Re: DMARC from the perspective of the listadmin o… Murray S. Kucherawy
- Re: The IETF environment Abdussalam Baryun
- Re: The IETF environment Dale R. Worley
- Re: The IETF environment Brian E Carpenter
- Re: The IETF environment Dave Crocker
- Re: The IETF environment Phillip Hallam-Baker
- Re: DMARC from the perspective of the listadmin o… Hector Santos
- Re: The IETF environment S Moonesamy
- Re: The IETF environment Dave Crocker
- Re: The IETF environment Miles Fidelman
- RE: The IETF environment Christian Huitema
- Re: The IETF environment S Moonesamy
- Re: The IETF environment Miles Fidelman
- Workshop effects [Re: The IETF environment] Brian E Carpenter
- Re: Workshop effects [Re: The IETF environment] Abdussalam Baryun