Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

Dave Crocker <dhc@dcrocker.net> Sat, 12 April 2014 20:32 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A951A1A023C for <ietf@ietfa.amsl.com>; Sat, 12 Apr 2014 13:32:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cQhl4WIAXe17 for <ietf@ietfa.amsl.com>; Sat, 12 Apr 2014 13:32:27 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id F41CF1A023B for <ietf@ietf.org>; Sat, 12 Apr 2014 13:32:26 -0700 (PDT)
Received: from [192.168.1.66] (76-218-8-156.lightspeed.sntcca.sbcglobal.net [76.218.8.156]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id s3CKWLPF020943 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sat, 12 Apr 2014 13:32:25 -0700
Message-ID: <5349A261.9040500@dcrocker.net>
Date: Sat, 12 Apr 2014 13:30:25 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Miles Fidelman <mfidelman@meetinghouse.net>
Subject: Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
References: <53499A5E.9020805@meetinghouse.net>
In-Reply-To: <53499A5E.9020805@meetinghouse.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Sat, 12 Apr 2014 13:32:25 -0700 (PDT)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/F6_7YMuS3x0rUATK854w9vsKjZA
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Apr 2014 20:32:28 -0000

On 4/12/2014 12:56 PM, Miles Fidelman wrote:
> - DMARC.org defines the "DMARC Base Specification" with a link to
> https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/ - an IETF
> document

While the Internet-Draft mechanism is operated by the IETF, it is an 
open mechanism and issuance through it carries no automatic status, 
particularly with respect to the IETF.

The DMARC specification is not 'an IETF document'.  The current plan is 
to publish it as an RFC, through the 'Independent' stream, which also is 
/not/ an IETF activity.


> - the referenced document is an informational  Internet draft, that

Drafts do not have status.  So the qualifier 'informational' here is not 
meaningful.


> In essence, DMARC is being represented as a mature, standards-track IETF
> specification - with the implication that it's been widely vetted, and
> is marching through the traditional experimental -> optional ->
> recommended -> mandatory steps that IETF standards go through.
>
> In reality:
> - DMARC was developed by a tiny number of people, all of whom work for
> very large ISPs

Well, a few of us who participated don't...


> - as far as I can tell, all input from the broader community - notably
> mailing list developers and operators was roundly ignored or dismissed
> (the transcript is really clear on this)

What transcript?  I'm not aware of its being 'ignored or dismissed'.


> - while DMARC is at least partially tested, deploying and honoring
> "p=reject" messages is brand new, and has wreaked tremendous damage
> across the net

It's not new at all, though of course Yahoo's use is distinctive.


> - as far as I can tell, those who are behind DMARC are taking the
> position "it's not our problem" (see discussions on
> dmarc-discuss@dmarc.org and dmarc@ietf.org) - and there is nary a Yahoo
> representative to be seen anywhere

I've no idea what specifics you are referring to.


> The situation strikes me as incredibly perverse and broken - the more so
> that the perpetrators are presenting this as blessed by the IETF
> standards process.

I haven't seen anyone present such a claim of blessing.  Please point to 
the specifics.

I fear you are confusing the difference between a desire for standards 
status with a claim of its having been granted.

  d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net