Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists Fri, 25 April 2014 03:17 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 6CEF41A02F4 for <>; Thu, 24 Apr 2014 20:17:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 4.226
X-Spam-Level: ****
X-Spam-Status: No, score=4.226 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HK_SCAM_N13=3.1, J_CHICKENPOX_16=0.6, RP_MATCHES_RCVD=-0.272, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id VE1gmGrhC9Ky for <>; Thu, 24 Apr 2014 20:17:12 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 1C9611A0107 for <>; Thu, 24 Apr 2014 20:17:12 -0700 (PDT)
Received: from by (PMDF V6.1-1 #35243) id <> for; Thu, 24 Apr 2014 20:12:02 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1; format=flowed
Received: from by (PMDF V6.1-1 #35243) id <> (original mail from for; Thu, 24 Apr 2014 20:11:57 -0700 (PDT)
Message-id: <>
Date: Thu, 24 Apr 2014 19:45:02 -0700 (PDT)
Subject: Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists
In-reply-to: "Your message dated Tue, 22 Apr 2014 15:50:39 -0700" <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <>
To: Doug Barton <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 25 Apr 2014 03:17:13 -0000

> On 04/18/2014 05:33 PM, Ned Freed wrote:
> >> On 04/18/2014 07:47 AM, Ned Freed wrote:
> >>>> I said: Rather than throwing up our hands and telling the DMARC
> >>>> folks that we refuse to work with them unless their solution
> >>>> solves the problem of our anachronistic use case that that
> >>>> constitutes only a tiny percentage of their overall traffic;
> >>>
> >>> Again with the traffic size as justification for poor behavior.
> >>> Not all messages are created equal, and some functions have
> >>> utility entirely disproportionate to the amount of bandwidth they
> >>> use.
> >
> >> Right, so the input here from the operators is, "Mailing list
> >> traffic is not important enough to us to prevent us from deploying
> >> an anti-spam solution that solves the vast majority of our problems
> >> with little cost or difficulty. The MLM software authors will have
> >> to deal with this problem on their end." And your response is to
> >> stamp your feet and shout, "But my mailing list traffic IS
> >> important! It is, IT IS!!!!!"
> >
> > I really have to wonder where you got enough straw to build a
> > strawman of this size. If you actually, you know, read what I've been
> > saying, it has been that this was handled extremely poorly by the
> > IETF. Just not in the way you happen to believe.
> >
> > Your view of what happened, who the operators actually are and what
> > their positions are, and what the likely consequences are going to be
> > are somewhere between a gross oversimplifications and looney tunes.
> > But I must say they are amusing.

> First, I acknowledge that you seem to be interested in addressing the
> IETF's failings, the problem is that small matter of disagreement on
> what those failings are. You say that my version of events is "looney
> tunes," and yet there is "rough consensus and running code" backing it
> up.

What is this "rough consensus and running code of which you speak?" My
understanding of that phrase has always been that it refers to the assessment
of documents within the IETF process. Exactly how is that supposed to apply
to independent documents such as this one?

And if you're talking about there being a consensus among serevice providers
regarding the use of p=reject in the fashion of AOL and Yahoo, I've seen
absolutely no evidence of that. Indeed, I've seen exactly the opposite. Our
customers tend to be very large concerns, and while I cannot get into specifics
for obvious reasons, I can assure you that they are not all hunkey-dorey with
what Yahoo and AOL are doing.

> Even before AOL joined the p=reject team, but much more so now.

Seriously? A move by a single provider, now joined by another, represents some
sort of industry consensus?

> It's incredibly obvious that the IETF either didn't listen to, or didn't
> act on clear messages from the operator community on this topic.

Well, here I sort of agree. What the IETF didn't do is react to the danger this
posed in a timely way. Either on a technical or political level.

> Trying
> to re-paint the failure as one of process (or whatever weird rathole you
> appear to be willing to travel) doesn't help the situation at all.

And that means... what, exactly? Of course fixing process issues after the fact
aren't going to help the present situation any.

> For this issue what would help is for the IETF to admit its failure, and
> take in hand the problem of solving mailing list delivery for DMARC
> protected domains (along with the MLM software authors of course). If
> there are other places where DMARC has weaknesses that can be shored up,
> let's tackle those too.

Again, what part of "unwilling to make any changes" did you not understand?

> What won't help is sitting on the sidelines and whinging that the "DMARC
> cabal" "doesn't get it" and has to listen to us about how it should
> conduct their business.

Of course it wouldn't help. Which is why I never did that.

> Because not only do they clearly not have to do
> that, they are not doing it. You will see more and more large mail
> providers implementing p=reject because it's good for them, and the
> fallout from Yahoo!'s implementation has been marginal (from their
> perspective).

I have no doubt that some other providers who have mixed business transaction
mail on the same domain with personal email will follow suit. I'm skeptical
this will extend to those like Google who have kept them separate, or providers
that focus on providing personal mail accounts.

Only time will tell.

>  From a larger perspective it would be very useful for the IETF to take
> this message to heart in other areas, like say ... DHCPv6. But I digress. :)

> > Wrong again. The evidence shows clearly that the IETF did listen, to
> >  this group at least. Where the IETF failed was in not looking at the
> > big picture and likely consequences, which I'm afraid is not laid out
> > along the axis of "big operators all supporting DMARC" versus "tiny
> > insignificant list maintainer stick-in-the-muds".

> I'm not sure who you're defining as "the IETF" in this context, but the
> record seems to show that there was a non-zero number of people telling
> the DMARC folks that their spec should not be implemented because it
> doesn't solve the mailing list problem, among others. So rather than
> listening to the operators and working to solve the MLM problem, there
> was whinging, and intransigence. I don't care how you want to
> characterize the problem, the failures of communication and inaction are
> pretty clear.

Suffice it to say I don't see it that way.

And with this reply I'm done with this conversation. You have a view of the
email world as well as the events that have transpired that is so completely at
odds with reality that this is no point in further discussion with you.