Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists Thu, 17 April 2014 15:34 UTC

Date: Thu, 17 Apr 2014 07:41:25 -0700 (PDT)
Subject: Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
To: John C Klensin <>
List-Id: IETF-Discussion <>

John Klensin writes:

> --On Wednesday, April 16, 2014 23:00 -0700
> wrote:

> >> It seems extreme to lay blame on the IETF in general
> >> merely for having an open mechanism by which to post a draft
> >> for all to see and discuss.  A "Request For Comment", as it
> >> were.
> >
> > You may think it extreme. I don't. I think the IETF's politics
> > have led to it inching closer to moral hazard territory for a
> > long time, and with this incident it has stepped in it.

> Indeed.  We have had warnings about where the ability of anyone
> to post anything and then claim IETF approval in external
> contexts without any fear of meaningful pushback would lead for
> a long time.  It hasn't been significantly damaging before
> because (i) we have been lucky and (ii) attempts to manipulate
> the mechanisms have come from outsiders, not insiders.

Nicely put. I completely agree.

> With DMARC, the ability to claim IETF responsibility when that is
> handy and that the IETF has no control when _that_ is handy have
> now been utilized by insiders.

Or by people with better access to insiders. It's hard to tell, and I'm not
sure it really matters.

> That comes after a history of
> the less effective approach of bringing specs into IETF WGs and
> then claiming that fundamentals cannot be changed because they
> were developed by experts in another forum.  As I think Ned
> suggested, the ADSP issue and how it was handled should have
> been another warning sign.  And, with Yahoo's move and its
> consequences (whether they anticipated them or not), we also ran
> out of luck.

An ominous phrase, isn't it? But an accurate one, I fear.

> >> Are you suggesting that
> >> process should be closed or moderated somehow?
> >
> > What I suggested is that we need to have a serious discussion
> > of what, if anything can be done to ameliorate the damage in
> > this case. Others have suggested that we also need to look at
> > how to prevent this from happening in the future. I concur.

> agreed.

> >...
> >> I would add to this that, by its ultimate inaction in the
> >> face of a protracted period of abuse and attempts by
> >> participants to solve that problem within its procedures, the
> >> IETF has abdicated any authority it may have had.
> >
> > That may be your assessment. Given subsequent comments from
> > other people, mine is now that this effort was looking for a
> > rubber stamp, didn't like it when that didn't happen, and
> > proceeded to skirt around the edges of the process.

> > With disastrous results.

> Exactly.

> I'm also concerned that several of these efforts represent back
> door approaches to deprecating multi-hop email.  Certainly many
> things are more convenient in a single hop environment.  They
> would become even more convenient if all email were to be
> handled by a small oligarchy of providers.  To the degree to
> which one simultaneously believes in openness and privacy, those
> would be very sad outcomes.

It's not just multi-hop email - although I agree it's in danger - it's various
semantics of email that happen not to be useful to commercial email of
various sorts, and whose presence makes the problem more challenging. John
Levine refers to all this as "send on behalf of", which isn't exactly right but
is probably close enough for purposes of this discussion.

I also find it particularly revealing that one of the arguments being made here
is along the lines of, "Everything else has had to change, why are those
stodgy old mailing list thingies somehow exempt?" Except that's not it at all -
the approach was always essentially, "We're going to screw you, how about you
do X or Y to mitigate the damage a little?" To which the answer, predictably,
was less than enthusiastic.