Re: Will mailing lists survive DMARC?
"Livingood, Jason" <Jason_Livingood@cable.comcast.com> Tue, 29 April 2014 15:10 UTC
Return-Path: <jason_livingood@cable.comcast.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E4A61A08CF for <ietf@ietfa.amsl.com>; Tue, 29 Apr 2014 08:10:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.484
X-Spam-Level:
X-Spam-Status: No, score=-3.484 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HOST_EQ_MODEMCABLE=1.368, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tYgvpMVc8ZKW for <ietf@ietfa.amsl.com>; Tue, 29 Apr 2014 08:10:45 -0700 (PDT)
Received: from cable.comcast.com (copdcavout01.cable.comcast.com [76.96.32.253]) by ietfa.amsl.com (Postfix) with ESMTP id 8ED841A04AC for <ietf@ietf.org>; Tue, 29 Apr 2014 08:10:45 -0700 (PDT)
Received: from ([24.40.56.115]) by copdcavout01.cable.comcast.com with ESMTP id C7WM3M1.129968753; Tue, 29 Apr 2014 09:10:39 -0600
Received: from PACDCEXMB06.cable.comcast.com ([169.254.8.10]) by PACDCEXHUB02.cable.comcast.com ([fe80::2816:661:c294:c863%16]) with mapi id 14.03.0181.006; Tue, 29 Apr 2014 11:10:39 -0400
From: "Livingood, Jason" <Jason_Livingood@cable.comcast.com>
To: John C Klensin <john-ietf@jck.com>, Alessandro Vesely <vesely@tana.it>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: Will mailing lists survive DMARC?
Thread-Topic: Will mailing lists survive DMARC?
Thread-Index: AQHPY6jlKGNv0Oe2H022Uh2NO1iYyJso0qiAgAAEyoCAAAJNgIAAE5cA///FsAA=
Date: Tue, 29 Apr 2014 15:10:18 +0000
Message-ID: <CF853909.CEDD0%jason_livingood@cable.comcast.com>
References: <20140429124528.GA1324@mx1.yitter.info> <alpine.DEB.2.02.1404291502320.29282@uplift.swm.pp.se> <535FA739.3060608@dcrocker.net> <alpine.DEB.2.02.1404291524500.29282@uplift.swm.pp.se> <14DE2BC840FF3B8AA4A167EC@JcK-HP8200.jck.com>
In-Reply-To: <14DE2BC840FF3B8AA4A167EC@JcK-HP8200.jck.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.1.140326
x-originating-ip: [68.87.16.249]
Content-Type: multipart/alternative; boundary="_000_CF853909CEDD0jasonlivingoodcablecomcastcom_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/EagDFq5qu_3QORlCOzXqbofArMU
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Apr 2014 15:10:48 -0000
FWIW, we at Comcast just posted on this subject on our Postmaster page at http://postmaster.comcast.net/dmarcupdate.html. - Jason Pasted here as well: Background Comcast recently emplemented the Domain-based Authentication, Reporting, and Conformance (DMARC)<http://dmarc.org/> specification as a new way to help prevent phishing messages from reaching our customers’ mailboxes. DMARC enables a domain to publicly indicate (via DNS) what action should be taken for mail claiming to be from that domain that does not pass authentication and get reports about phishing and spam messages that did not come from approved mail servers. Recent History Recently, the policies that AOL and Yahoo published instructed mail servers that use DMARC to reject mail if it claims to be from aol.com or yahoo.com but failed authentication – meaning the mail did not originate from an approved mail server run by AOL or Yahoo, respectively. This has reportedly caused issues for some people using AOL or Yahoo addresses with email discussion lists and other mail sending tools. More information from AOL was posted here<http://postmaster-blog.aol.com/2014/04/22/aol-mail-updates-dmarc-policy-to-reject/>. While AOL and Yahoo may be addressing spam and phishing issues in making this change, it does not yet appear to be typical DMARC usage. We have been asked whether Comcast plans to make similar changes soon, and we can confirm we have no such plans. Comcast’s Future DMARC Plans To help us improve our detection of those who use the comcast.net domain maliciously we have published a DMARC record for comcast.net, but that change WILL NOT disrupt legitimate messaging. This policy will not ask other services to reject messages that did not originate from us, but rather report those instances to us for research. We will also publish DMARC reject policies in the coming months for the domains used by our Xfinity Billing, Xfinity Home, and Customer Security Assurance notifications. These originate from specific domains and servers that we maintain. This will not negatively affect email discussion lists but will help us prevent some of phishing messages that might attempt to target our customers. If You Have Been Negatively Affected by AOL’s and Yahoo’s Changes If you are an Xfinity Internet customer, use an AOL or Yahoo email account regularly, and are having problems getting email from email discussion lists or other tools at those addresses, we invite you consider activating or using your comcast.net email account. To signup, add, or change your email account - Click Here<http://customer.comcast.com/help-and-support/internet/stay-connected-with-email/> Once your email address is registered, you can access it in several ways: For webmail users - Click Here<http://customer.comcast.com/help-and-support/internet/using-xfinity-connect-for-comcast-email/> For email client users - Click Here<http://customer.comcast.com/help-and-support/internet/email-client-programs-with-xfinity-email/> For mobile email users - Click Here<http://customer.comcast.com/help-and-support/internet/comcast-email-mobile-devices/> On 4/29/14, 10:39 AM, "John C Klensin" <john-ietf@jck.com<mailto:john-ietf@jck.com>> wrote: An odd, and somewhat nasty, thought... So far, the two organizations (at least of which I'm aware) that have made more or less public announcements of their intentions to use the sort of restrictive policies that cause mailing list problems are not only large providers of email but also large providers of online forums, social group discussions, etc. So are several of the other member-contributor organizations to dmarc.org. As far as can be observed from the outside, those forums and discussion groups make considerable contributions to the bottom lines of those providers -- in most cases, they allow those organizations to sell advertising and/or to sell their users and their interest profiles to advertisers. Email, by contrast, is typically a service they provide in conjunction with those other services but is not, itself, generally a profit center. For many of the users and uses of the extended Internet, mailing lists are the historical predecessor, and sometimes a contemporary alternative, to those forums and centralized "social network" discussions. If one examines those relationships, there is a case to be made that the problems they cause to mailing lists is not "collateral damage" at all. Even if the effects were discovered by accident, continued use of DMARC with restrictive policies has the consequence of driving traffic away from mailing lists, perhaps especially mailing lists operated by smaller providers and non-profits, toward use of the for-profit systems operated by those same (to quote another recent comment) "too big to ignore" operators with a positive effect on their bottom line to the detriment of other operators and ways of doing things. Behaviors by large ("dominant", "too big to ignore", etc.) industry actors that have the effect of driving alternate solutions or providers out by mechanisms other than fair competition in the marketplace, especially when those mechanisms come out of collaborations among such actors, are, if other conditions are met, rather seriously illegal in many countries. If intent can be demonstrated, they are even more so. So, as a purely hypothetical set of questions (I am not recommending anything), I wonder what would happen if some of the people who have been claiming they or the general public are harmed by this would, instead of asking what the IETF can do about something that is not an IETF Standard, went to their local "competitiveness" or "antitrust" authorities, explained the situation and started complaining? I also wonder whether the IETF and ISOC have, or should seek, legal advice about how to keep adequate distance between themselves and this situation should some relevant jurisdiction initiate an investigation or enforcement action. Just curious. john
- Will mailing lists survive DMARC? Alessandro Vesely
- Re: Will mailing lists survive DMARC? Mikael Abrahamsson
- Re: Will mailing lists survive DMARC? Patrik Fältström
- Re: Will mailing lists survive DMARC? Mark Andrews
- Re: Will mailing lists survive DMARC? Andrew Sullivan
- Re: Will mailing lists survive DMARC? Patrik Fältström
- Re: Will mailing lists survive DMARC? Mikael Abrahamsson
- Re: Will mailing lists survive DMARC? Dave Crocker
- Re: Will mailing lists survive DMARC? Mikael Abrahamsson
- Re: Will mailing lists survive DMARC? Dave Crocker
- Re: Will mailing lists survive DMARC? Alessandro Vesely
- Re: Will mailing lists survive DMARC? Måns Nilsson
- Re: Will mailing lists survive DMARC? John C Klensin
- Re: Will mailing lists survive DMARC? Livingood, Jason
- Re: Will mailing lists survive DMARC? John Levine
- Re: Will mailing lists survive DMARC? S Moonesamy
- Re: Will mailing lists survive DMARC? John Levine
- Re: Will mailing lists survive DMARC? Patrik Fältström
- Re: Will mailing lists survive DMARC? Hector Santos
- Re: Will mailing lists survive DMARC? Douglas Otis
- Re: Will mailing lists survive DMARC? Murray S. Kucherawy
- Re: Will mailing lists survive DMARC? Murray S. Kucherawy
- Re: Will mailing lists survive DMARC? John R Levine
- Re: Will mailing lists survive DMARC? Douglas Otis
- Re: Will mailing lists survive DMARC? Hector Santos
- Re: Will mailing lists survive DMARC? Alessandro Vesely
- Re: Will mailing lists survive DMARC? Hector Santos