Re: DMARC: perspectives from a listadmin of large open-source lists

"Murray S. Kucherawy" <> Tue, 15 April 2014 00:12 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 54D721A06D7 for <>; Mon, 14 Apr 2014 17:12:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DQ_RF_jPpPgD for <>; Mon, 14 Apr 2014 17:12:14 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:400c:c00::22c]) by (Postfix) with ESMTP id 266411A0692 for <>; Mon, 14 Apr 2014 17:11:49 -0700 (PDT)
Received: by with SMTP id m15so8714715wgh.3 for <>; Mon, 14 Apr 2014 17:11:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=mWB/WJpzKYMcvwG/fSLHVoJ7eU6/rKrAPtpHEdljN1Y=; b=04SgwSS9c9FzVS2z3+9IanBvRC+nYkzybAqqik3tzRQOnVcnuUGZPztYMIFH+5OBr0 /1VHBsyPi8XkBRaO9KTo3NYimJ+GOZpVMe8XC75BTwFKkBGEFIN0H82J8wjpVgBlsVyW TXUJgEV4sslox+JwEl9A8HhbDbKwfX9UUpG2ai9KNd4wlR+YnANAabmuhoA6Lg8KofoN 2JpWjvJDujSuEWcYxhfS7xXZ+2ipSOKP5qSE/i44YvOBHkuI+x0ZbwOd9IWFJ6ZFblE9 CcJ1nUd92UiYtX253VgOtygLHMSVm7QU84dJOXBSZT6P3KwynCRqTpGj5OP2IIQzkfXq Gm/A==
MIME-Version: 1.0
X-Received: by with SMTP id fy4mr34919725wjc.30.1397520707120; Mon, 14 Apr 2014 17:11:47 -0700 (PDT)
Received: by with HTTP; Mon, 14 Apr 2014 17:11:46 -0700 (PDT)
In-Reply-To: <>
References: <20140414024956.26078.qmail@joyce.lan> <> <alpine.BSF.2.00.1404132327560.26258@joyce.lan> <> <alpine.BSF.2.00.1404132346420.26386@joyce.lan> <> <> <> <> <> <> <>
Date: Mon, 14 Apr 2014 17:11:46 -0700
Message-ID: <>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
From: "Murray S. Kucherawy" <>
To: Dave Cridland <>
Content-Type: multipart/alternative; boundary=047d7bb03f9a5074c504f709a582
Cc: ietf <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 15 Apr 2014 00:12:23 -0000

On Mon, Apr 14, 2014 at 3:02 PM, Dave Cridland <> wrote:

> One of the very specific items that was on the proposed charter was
>> dealing with the question of how to integrate DMARC with mailing lists.
>> This was called out very early on as an open issue, as were some other
>> important ones:
> Right, but the WG was expected to make it work with mailing lists without
> changing it. Tough ask.

Could it not have been done as an extension?  And as I recall, one of the
proposed paths was to just record and publish DMARC as it is now, and then
get a WG going to help revise it into something that also resolves the
questions in the proposed charter, on the standards track.  This also
failed to gain acceptance.

> Sorry, but given the way in which IETF participants were asked to work on
> DMARC, there is absolutely no way you could say that the "DMARC people came
> to the IETF to [...] complete development" - it was more or less stated
> that development was done and dusted - and the IETF didn't reject it on the
> basis that no engineering work remained - the DMARC people rejected any
> engineering work happening.
> It doesn't actually matter whether you think the reasons behind this were
> valid; the fact is that you're putting one heck of a slant on recent
> history, and it's not borne out by what's in the archives.

I remember what was said.  I'm not trying to be revisionist here.  Rather,
I think I'm trying to remember all the details of a very chaotic

I can't say I blame the DMARC people, or anyone for that matter, for trying
to insulate itself against its work being bogged down for months or longer
rat-holing on things as has been the fate of so many past efforts in the
same area.  (See the thread Wes George started this morning separately.)
Maybe they tried too hard and maybe I even contributed.  But I also think
maybe the IETF needs to rethink its position on taking on work from outside
organizations in the first place, which was one of several road blocks that
came up.  Another is that it was too far along the deployment axis to be
eligible for consideration as new IETF work, regardless of whether the main
document was up for revision.  Yet another is that despite repeated
requests, we couldn't even more than a couple of people (I can remember
four) to submit substantive reviews of the current document; it seemed like
the IETF wasn't interested regardless of the other "regulatory" issues.

I don't have any idea how to retroactively fix all of that, and I suspect
it would be another rat-hole to try.  What I'd really like to talk about is
where we go from here.