Re: DMARC: perspectives from a listadmin of large open-source lists

Scott Kitterman <> Tue, 15 April 2014 03:35 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id EB9631A06E1 for <>; Mon, 14 Apr 2014 20:35:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 68hrzrSPqugq for <>; Mon, 14 Apr 2014 20:35:53 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 9CA541A070D for <>; Mon, 14 Apr 2014 20:35:53 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id CB945956135; Mon, 14 Apr 2014 23:35:50 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=2014-01; t=1397532950; bh=/smlEEgVfSk7uOPpFheIZ4jruSyTcQCU2G/TClqoJQA=; h=From:To:Subject:Date:In-Reply-To:References:From; b=WSd2rieOtXy3D3StyLmf94lNm85J/YwNgj04g/ct0FUmVSaFyifMqTKYW8gPDMytL w51kHnVYUCqbnPoJPICexidkX9l3i/tAIpfEHHIAH8uFBHkgCFkRI5/XOgNcPlrRs2 cXfy2ycOw9dquE0a/k2I6lT43WB/YsZECg5Y1khw=
Received: from scott-latitude-e6320.localnet ( []) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 964A195612D; Mon, 14 Apr 2014 23:35:50 -0400 (EDT)
From: Scott Kitterman <>
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
Date: Mon, 14 Apr 2014 23:35:48 -0400
Message-ID: <1485381.SfhK6qmW0I@scott-latitude-e6320>
User-Agent: KMail/4.11.5 (Linux/3.11.0-19-generic; KDE/4.11.5; x86_64; ; )
In-Reply-To: <>
References: <20140414024956.26078.qmail@joyce.lan> <> <>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-AV-Checked: ClamAV using ClamSMTP
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 15 Apr 2014 03:35:55 -0000

On Monday, April 14, 2014 10:26:44 Murray S. Kucherawy wrote:
> On Mon, Apr 14, 2014 at 8:09 AM, Miles Fidelman
> <>wrote;wrote:
> > Is it perhaps also incumbent on the folks promulgating DMARC (and its
> > predecessors, and its sure-to-be successors) to work cooperatively with
> > mailing list developers, rather than taking the position "nope, we break
> > mailing lists, not our problem?"
> The DMARC proponents did engage mailman.   Version 2.1.16 includes support
> for a setting that makes the operation of the list DMARC-friendly, though
> likely in a way some people will find unpalatable.  Either way, it was not
> done entirely in a vacuum.
> > I'm kind of coming to the conclusion that what we need to be looking at is
> > defining an SMTP extension that addresses BOTH sets of concerns - and
> > doing
> > so in a cooperative manner that engages not just the community behind DKIM
> > and DMARC, but also the developers and operators of mailman, sympa,
> > majordomo, listserv - and ideally the sendmail, postfix, exim, qmail
> > community.
> > 
> > Dare I suggest that this calls for an IETF working group?
> I mentioned in another thread that the DMARC people did come to the IETF to
> ask for a working group to complete development of the work on the
> standards track.  This request was denied on the grounds that DMARC was
> essentially already done, and thus the IETF had nothing engineering-wise to
> contribute.  There were also too few people that were not already DMARC
> proponents that would commit to working on it.
> (And as I said on that other thread, I'm happy to stand corrected if I've
> mischaracterized any of that.)

My perception (and it may also be wrong) is that anyone who claimed there was 
work yet to be done was shouted down.  It was either prove there was work to 
be done by going off and doing it on your own, or clearly it was done and no 
more work needed doing.

The DMARC spec has certainly improved since it's been public, but I certainly 
don't think it's done and have said so multiple times.  I'm also willing to 
work on it.

As I said in the other thread, I think the only reason it was perceived as 
done is that the private group that developed the spec declared it done and 
fought against any WG charter language that would have permitted changes to 
the core protocol.    Based on that approach, no wonder it was declined.

Scott K