Re: DMARC: perspectives from a listadmin of large open-source lists

Scott Kitterman <> Tue, 15 April 2014 23:15 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 66EF51A0063 for <>; Tue, 15 Apr 2014 16:15:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.698
X-Spam-Status: No, score=0.698 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id y-3o4hcEpFd0 for <>; Tue, 15 Apr 2014 16:15:22 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 4B8181A0059 for <>; Tue, 15 Apr 2014 16:15:22 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 0A3BCD043F1; Tue, 15 Apr 2014 19:15:19 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=2014-01; t=1397603719; bh=SecHU6I4zdO38IIXAkn89QX7qTsN81AYkIL/vLDIC+0=; h=In-Reply-To:References:Subject:From:Date:To:From; b=V/YcHsKM/UqLVcJeAl6YEikj1MkCKKSf5FUgGMu6jRRfLRjv1uYI5gjFajm1ScW2q tNtWhYYjrOgI4VZIcJn8n68FUa32uBySU/bsA4LP6GmNSg3BlU3Brbp6+DwoelerrQ cetWLzkSe94Yz29+2NLR21X9MsZRMANJeDOmniZc=
Received: from [IPV6:2600:1003:b120:6c43:5810:e380:3212:8f9] (unknown [IPv6:2600:1003:b120:6c43:5810:e380:3212:8f9]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 8A4B6D04326; Tue, 15 Apr 2014 19:15:18 -0400 (EDT)
User-Agent: K-9 Mail for Android
In-Reply-To: <>
References: <20140414024956.26078.qmail@joyce.lan> <> <> <1485381.SfhK6qmW0I@scott-latitude-e6320> <>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
From: Scott Kitterman <>
Date: Tue, 15 Apr 2014 19:15:15 -0400
Message-ID: <>
X-AV-Checked: ClamAV using ClamSMTP
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 15 Apr 2014 23:15:28 -0000

On April 15, 2014 12:25:40 PM EDT, Dave Crocker <> wrote:
>On 4/14/2014 8:35 PM, Scott Kitterman wrote:
>> On Monday, April 14, 2014 10:26:44 Murray S. Kucherawy wrote:
>>> I mentioned in another thread that the DMARC people did come to the
>IETF to
>>> ask for a working group to complete development of the work on the
>>> standards track.  This request was denied on the grounds that DMARC
>>> essentially already done, and thus the IETF had nothing
>engineering-wise to
>>> contribute.  There were also too few people that were not already
>>> proponents that would commit to working on it.
>>> (And as I said on that other thread, I'm happy to stand corrected if
>>> mischaracterized any of that.)
>> My perception (and it may also be wrong) is that anyone who claimed
>there was
>> work yet to be done was shouted down.
>Given that the exchanges were on an open mailing list, I'm not quite 
>sure what that means.
>What I am sure of is that I've pressed quite vigorously and repeatedly,
>first on the open mailing list and then on the IETF DMARC 
>mailing list, for folk to cite work that needed to be done and to 
>develop group support for that work.
>What I saw was some individuals suggesting some bits of work, but no 
>support developed around it.  (By 'support' I mean more than a few
>Perhaps you can point to specific examples of this 'shouting down' 
>What I also saw was some folk insisting that the charter be vague and 
>unconstrained, with no concern for the installed base.
>> As I said in the other thread, I think the only reason it was
>perceived as
>> done is that the private group that developed the spec declared it
>done and
>> fought against any WG charter language that would have permitted
>changes to
>> the core protocol.    Based on that approach, no wonder it was
>Changes to the core of a protocol is the essence of de-stabilizing its 
>installed base.
>Writing a charter that permits de-stabilizing a substantial installed 
>base only makes sense when there is a clear and compelling basis
>known for needing to make such changes.
>With respect to DMARC, none has been offered or has developed community
>Writing a charter that permits de-stablilizing an installed base 
>covering 60% of the world's email traffic, in the absence of a clear
>compelling understanding of the need would be irresponsible.
>Arguably, the mere existence of such a charter would be de-stabilizing,
>since it means that anyone considering adoption has an excuse to defer 
>it to the indefinite future, when the IETF might get around to
>a revision.
Considering we're just in the finishing stages of spfbis, which you participated in significantly, and none of those fears were realized despite a charter that permitted incompatible changes if really needed I have a hard time understanding how you would believe all that to be true. 

I think we entirely agree on the facts.  I fully concur you have been loud and vigorous.

I also think it's not at all surprising given the volume and vigor coming from the DMARC developers that not that many people jumped up and lept into the fray.

Scott K