Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

[Doug Barton <dougb@dougbarton.us>]

On 04/18/2014 05:33 PM, Ned Freed wrote:
>> On 04/18/2014 07:47 AM, Ned Freed wrote:
>>>> I said: Rather than throwing up our hands and telling the DMARC
>>>> folks that we refuse to work with them unless their solution
>>>> solves the problem of our anachronistic use case that that
>>>> constitutes only a tiny percentage of their overall traffic;
>>>
>>> Again with the traffic size as justification for poor behavior.
>>> Not all messages are created equal, and some functions have
>>> utility entirely disproportionate to the amount of bandwidth they
>>> use.
>
>> Right, so the input here from the operators is, "Mailing list
>> traffic is not important enough to us to prevent us from deploying
>> an anti-spam solution that solves the vast majority of our problems
>> with little cost or difficulty. The MLM software authors will have
>> to deal with this problem on their end." And your response is to
>> stamp your feet and shout, "But my mailing list traffic IS
>> important! It is, IT IS!!!!!"
>
> I really have to wonder where you got enough straw to build a
> strawman of this size. If you actually, you know, read what I've been
> saying, it has been that this was handled extremely poorly by the
> IETF. Just not in the way you happen to believe.
>
> Your view of what happened, who the operators actually are and what
> their positions are, and what the likely consequences are going to be
> are somewhere between a gross oversimplifications and looney tunes.
> But I must say they are amusing.

First, I acknowledge that you seem to be interested in addressing the 
IETF's failings, the problem is that small matter of disagreement on 
what those failings are. You say that my version of events is "looney 
tunes," and yet there is "rough consensus and running code" backing it 
up. Even before AOL joined the p=reject team, but much more so now.

It's incredibly obvious that the IETF either didn't listen to, or didn't 
act on clear messages from the operator community on this topic. Trying 
to re-paint the failure as one of process (or whatever weird rathole you 
appear to be willing to travel) doesn't help the situation at all.

For this issue what would help is for the IETF to admit its failure, and 
take in hand the problem of solving mailing list delivery for DMARC 
protected domains (along with the MLM software authors of course). If 
there are other places where DMARC has weaknesses that can be shored up, 
let's tackle those too.

What won't help is sitting on the sidelines and whinging that the "DMARC 
cabal" "doesn't get it" and has to listen to us about how it should 
conduct their business. Because not only do they clearly not have to do 
that, they are not doing it. You will see more and more large mail 
providers implementing p=reject because it's good for them, and the 
fallout from Yahoo!'s implementation has been marginal (from their 
perspective).

 From a larger perspective it would be very useful for the IETF to take 
this message to heart in other areas, like say ... DHCPv6. But I digress. :)

> Wrong again. The evidence shows clearly that the IETF did listen, to
>  this group at least. Where the IETF failed was in not looking at the
> big picture and likely consequences, which I'm afraid is not laid out
> along the axis of "big operators all supporting DMARC" versus "tiny
> insignificant list maintainer stick-in-the-muds".

I'm not sure who you're defining as "the IETF" in this context, but the 
record seems to show that there was a non-zero number of people telling 
the DMARC folks that their spec should not be implemented because it 
doesn't solve the mailing list problem, among others. So rather than 
listening to the operators and working to solve the MLM problem, there 
was whinging, and intransigence. I don't care how you want to 
characterize the problem, the failures of communication and inaction are 
pretty clear.

Doug