Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

Miles Fidelman <mfidelman@meetinghouse.net> Fri, 18 April 2014 15:52 UTC

Return-Path: <mfidelman@meetinghouse.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 708591A042D for <ietf@ietfa.amsl.com>; Fri, 18 Apr 2014 08:52:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.881
X-Spam-Level:
X-Spam-Status: No, score=-0.881 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MISSING_HEADERS=1.021, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8oUL1uLQ4m1O for <ietf@ietfa.amsl.com>; Fri, 18 Apr 2014 08:52:00 -0700 (PDT)
Received: from server1.neighborhoods.net (server1.neighborhoods.net [207.154.13.48]) by ietfa.amsl.com (Postfix) with ESMTP id 1F3661A0433 for <ietf@ietf.org>; Fri, 18 Apr 2014 08:52:00 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by server1.neighborhoods.net (Postfix) with ESMTP id B6B37CC0A8 for <ietf@ietf.org>; Fri, 18 Apr 2014 11:51:55 -0400 (EDT)
X-Virus-Scanned: by amavisd-new-2.6.2 (20081215) (Debian) at neighborhoods.net
Received: from server1.neighborhoods.net ([127.0.0.1]) by localhost (server1.neighborhoods.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 1s0OEX2O3wlM for <ietf@ietf.org>; Fri, 18 Apr 2014 11:51:47 -0400 (EDT)
Received: from new-host.home (pool-173-76-155-14.bstnma.fios.verizon.net [173.76.155.14]) by server1.neighborhoods.net (Postfix) with ESMTPSA id 08715CC09D for <ietf@ietf.org>; Fri, 18 Apr 2014 11:51:47 -0400 (EDT)
Message-ID: <53514A12.1040802@meetinghouse.net>
Date: Fri, 18 Apr 2014 11:51:46 -0400
From: Miles Fidelman <mfidelman@meetinghouse.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:28.0) Gecko/20100101 Firefox/28.0 SeaMonkey/2.25
MIME-Version: 1.0
CC: ietf <ietf@ietf.org>
Subject: Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
References: <53499A5E.9020805@meetinghouse.net> <5349A261.9040500@dcrocker.net> <5349AE35.2000908@meetinghouse.net> <5349BCDA.7080701@gmail.com> <01P6L9JZF5SC00004W@mauve.mrochek.com> <CAL0qLwZr=wVX6eD+yGVOaxkSy5fJbuAErTshOG+2BywUvkDfAA@mail.gmail.com> <01P6QCMYYMJ000004W@mauve.mrochek.com> <6EF4DECC078B08C89F163155@JcK-HP8200.jck.com> <01P6QVVGQA4W00004W@mauve.mrochek.com> <5350A9FB.9010307@dougbarton.us> <01P6S93XQ9TI00004W@mauve.mrochek.com> <CAL0qLwbeouNWWAyanTdUHACLUds=5ZQcG0TMCW-AmMNmuE6qrw@mail.gmail.com>
In-Reply-To: <CAL0qLwbeouNWWAyanTdUHACLUds=5ZQcG0TMCW-AmMNmuE6qrw@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/D-kAItzebPMkhGq65bGncgm4jZM
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Apr 2014 15:52:03 -0000

Murray S. Kucherawy wrote:
> On Fri, Apr 18, 2014 at 7:47 AM, <ned+ietf@mauve.mrochek.com 
> <mailto:ned+ietf@mauve.mrochek.com>> wrote:
>
>
>         The message was pretty clearly, "We think DMARC is valuable
>         enough to us
>         that we plan to deploy it even though it has the unfortunate
>         side effect
>         of causing problems for mailing lists."
>
>
>     Allow me to rephrase: "We think getting our commerical mail
>     through is worth
>     sacrificing all sorts of personal mail functionality users depend
>     on. And we
>     don't care who it hurts, including some shops as large or larger
>     than we are."
>
>
> I'm not so sure delivery is the primary goal.  Rather, "We're tired of 
> the fact that we are unable to control who generates mail that appear 
> to come from our domain(s), and it's hurting us" is how that should at 
> least start.  A tarnished domain name has repercussions beyond just 
> delivery of email.
>

Given the amount of spam and other malicious mail that comes from real, 
honest-to-god, Yahoo accounts -- be it generated by spammers who obtain 
Yahoo accounts, or botnets that have obtained access to legitimate 
accounts -- perhaps Yahoo might have started closer to home in 
addressing the "tarnished brand" problem.

Pretty much the ONLY malicious mail, from Yahoo, that has ever made it 
through our spam filters, and onto any of our mailing lists, has been 
from compromised Yahoo accounts -- and that was BEFORE DMARC.

On the other hand, the only mail that ever seems to end up in my Yahoo 
mailbox (which I rarely check), is spam.

What Yahoo has just done is tarnished their brand by "breaking every 
email list in the world" - and causing pain to every one of their users 
who subscribes to mailing lists.

Kind of shooting yourself in the foot, if you ask me.  (Or blowing up 
yourself, along with your target.)

Miles Fidelman




-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra