Re: Enough DMARC whinging

Phillip Hallam-Baker <> Wed, 30 April 2014 14:39 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id D077D1A08DF for <>; Wed, 30 Apr 2014 07:39:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id aU2vLroQRzKG for <>; Wed, 30 Apr 2014 07:39:24 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4010:c03::22b]) by (Postfix) with ESMTP id 24C591A08D7 for <>; Wed, 30 Apr 2014 07:39:23 -0700 (PDT)
Received: by with SMTP id c6so1297913lan.2 for <>; Wed, 30 Apr 2014 07:39:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=t46kVF45OV1wMofJnhFj274eSZdDhYAea4JqDQVB70o=; b=yKKKEYehQA+3rdhvlseuUiF5s3R3zDGEgbKtKWK9wIgzgAa+QDbWiGFbg9dpAJBtsB 0rFKcRtCrMwNqjehgpdADXeKd2zTmBeavbs+LToWcf1LQ0NGOqM+7Tij44NdoOuF/obN TgJexPdFly3DIoxDBLbxPrCFtarix6VVOVvWpGIhsUKhszF7b/2+/C1AedV4/R0d2Jzd QdkOXdHeph0VpOjzqOdL+zBrJ4AsIvaVts2Cf1j2gUjhXnSYi6HPWebJmBkVs/gJ0+qd OKNg73FzXqKnBkig5AR92bhRPrBwfyWyNTBBJwW91ylwVuY035/DeV9hABRX60h7H27h PQLg==
MIME-Version: 1.0
X-Received: by with SMTP id v12mr158898lbf.74.1398868761955; Wed, 30 Apr 2014 07:39:21 -0700 (PDT)
Received: by with HTTP; Wed, 30 Apr 2014 07:39:21 -0700 (PDT)
In-Reply-To: <>
References: <> <>
Date: Wed, 30 Apr 2014 10:39:21 -0400
Message-ID: <>
Subject: Re: Enough DMARC whinging
From: Phillip Hallam-Baker <>
To: "Andrew G. Malis" <>
Content-Type: text/plain; charset=UTF-8
Cc: IETF general list <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 30 Apr 2014 14:39:25 -0000

If there is a problem, I am not seeing it on gmail.

I have checked my spam filters, no mail to any IETF list there. So
unless gmail is doing a hard reject on this, I am not seeing issues.

Of course the way to make mailing lists work with DMARC would be to
look at the headers and treat messages with mailing list headers
differently. Perhaps the issue isn't in DMARC but how the information
from DMARC is applied.

With all email filtering technologies, the results of any
authentication or policy check is merely advice, not a requirement.
The sender can't impose any requirements on the receiver. Folk who get
hot under the collar about mail filtering tech tend to do so because
they don't understand that.

On Tue, Apr 29, 2014 at 6:14 PM, Andrew G. Malis <> wrote:
> Philip,
> Here are the effects that I see. I use this gmail account for my IETF
> mailing lists. I am now consistently seeing email sent from Yahoo users end
> up in my spam folder with the following embedded warning message:
> Be careful with this message. Our systems couldn't verify that this message
> was really sent by You might want to avoid clicking links or
> replying with personal information.  Learn more
> The sender, of course, is completely unaware of what is happening on the
> receiver's end, so they have no reason to want to change from Yahoo to
> another domain for posting.
> So this is imposing pain on the receiver, since I now have to consistently
> check my spam folder for valid IETF email.
> I see that you also use gmail, so you should start checking your spam folder
> as well.
> Cheers,
> Andy
> On Tue, Apr 29, 2014 at 3:54 PM, Phillip Hallam-Baker <>
> wrote:
>> I am finding it rather hard to follow the DMARC discussion. Some folk
>> have managed to convince me that they are upset but working out why
>> would require rather a lot of spec crunching.
>> My best theory so far is that DMARC is some sort of email policy
>> statement and that either (1) some companies are now publishing a
>> policy that states 'reject all mail that purports to come from this
>> address that does not have authentication Y' or (2) some companies are
>> now rejecting mail not in compliance with said policy or (3) both.
>> There is a simple truth about DNS names: Whoever owns them makes the
>> rules for their use [1]. If you don't like the rules for
>> then choose another domain to post from.
>> If people want email to work with mailing lists, then don't complain
>> about reasonable choices people want to make. Work out a way to fix
>> mailing lists so that they work properly.
>> There is no reason we can't change the way From works. Or add new from
>> headers.
>> Are we engineers or curators of the past?
>> [1] Thus be rather suspicious of folk who claim that we merely rent
>> the use on terms of their choosing.
>> --
>> Website: