Re: DMARC methods in mailman --- [LEDE-DEV] DMARC related mass bounces / disabled subscriptions (fwd) Jo-Philipp Wich: [LEDE-DEV] DMARC related mass bounces / disabled subscriptions

Dave Crocker <> Sun, 18 December 2016 17:05 UTC

To: Theodore Ts'o <>
From: Dave Crocker <>
Organization: Brandenburg InternetWorking
Date: Sun, 18 Dec 2016 09:05:12 -0800
Cc: IETF discussion list <>

On 12/17/2016 8:15 PM, Theodore Ts'o wrote:
> On Sat, Dec 17, 2016 at 06:38:07PM -0800, Dave Crocker wrote:
>>    4. The folk using DMARC for c2c are not seeing a significant problem from
>> that use and they do report significant benefit.  Sitting here in the IETF,
>> we might not like their assessment, but it's their business, not yours or
>> mine.
> Right, the problem is not with c2c, where the affected mail might be
> 0.5%.  But for d2d (developers to developers), it's much more serious.

First, what makes that demographic distinctive?  Are there any other 
distinctive demographic groups that might share the solution space?

Second, it is such a narrow (and small) demographic, any requirements 
specific to it are likely to need solutions specific to it.

>>    5. The IETF has no meaningful leverage over those service providers.  Any
>> thoughts about what to do should keep that in mind.
> That's been clear.  To the extent, though, that some service
> providers might want to have developers stay on their platform because
> they might be powerful influencers, there might be *some* influence,
> but it is admittedly very little.

The world of consumer-oriented email deals with scale that makes the 
'developer' market segment almost unmeasurably small.  It is unlikely 
any consumer service is going to want, or be able, to make adjustment 
for the developer segment.

>>    7. The providers' affected users have no leverage on their providers.
>> None.
> Well, it *might* be that Google might not appreciate headlines of the
> form, "Linus Torvalds is leaving gmail because Gmail has become
> fundamentally incompatible with mailing lists", but it is again,
> admittedly, very small.

Yahoo's original foray into expanded DMARC use incurred that possible 
expense and, again, the effect was immeasurably small.

>>    8. It is easy to tell those providers' users that they should go to a
>> different provider, but take a look around for choices of consumer email
>> providers:  there are precious few choices on the Internet today. And for
>> the affected consumers, they need a free, well-run provider who operates at
>> scale.
> So what we might end up with, in the long run, is mailing lists will
> only work with developers who switch to mail services such as, for
> example,

Name 3 others that have a significant operational history, very good 
reputation, very low fees, and are likely to be able to handle a 
significantly increased user base.

>>    9. ARC is expected to help this situation, but I suspect it won't be as
>> much help as anyone would like.  At the least, it requires adoption by both
>> the mailing lists and the receiving MTAs, and that's a lot of adoption to
>> require.
> I have the same worry that ARC may not do as much to help as has been
> hoped.  Certainly not in the short term.  That's because it won't just
> be mailing list servers that will need to adopt ARC, but also mail
> forwarding services such as those used by,
>,, etc.

Yes, forwarding services are another form of message re-posting.  The 
differences from mailing lists are significant, but not with regard to 
DMARC issues.

> I suspect the best in the DMARC world where ARC turns out not to be
> completely successful is a setting where mailing list recipients can
> specify whether their mail service honors DMARC requests, and if it
> does, *and* if the sender is one that has a DMARC policy, the From
> field will have to get mangled, and if that screws up the recipient's
> Yahoo or GMail contacts database, it will be up to that mail provider
> to decide how to deal with it.

Expecting end users to take such actions already crosses over into an 
extremely high barrier against adoption.

I believe some mailing lists have adjusted to detection of DMARC (maybe 
just when p=reject?) for a given author by making author From: field 
changes /only/ for such authors.  They don't make changes when mail is 
from non-DMARC authors.

This restricts the scale of the disruptive effect, but doesn't change 
its nature.



   Dave Crocker
   Brandenburg InternetWorking
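
[Added example, not part of the original message and not Mailman's own code.] The per-author approach mentioned near the end of the message (rewrite From: only when the author's domain publishes DMARC, possibly only p=reject) can be sketched as below. The function names, the list address and the DMARC records are constructed for illustration; a real list server would fetch the TXT record from DNS and apply the organizational-domain fallback, which this sketch omits.

```python
from email.message import EmailMessage
from email.utils import parseaddr, formataddr

# Constructed sample DMARC TXT records keyed by _dmarc.<domain>.
# Assumption: stands in for a DNS lookup so the example runs offline.
SAMPLE_DNS = {
    "_dmarc.strict.example": "v=DMARC1; p=reject; rua=mailto:agg@strict.example",
    "_dmarc.monitor.example": "v=DMARC1; p=none",
    "_dmarc.quar.example": "v=DMARC1; p=quarantine; pct=100",
}

def dmarc_policy(domain, dns=SAMPLE_DNS):
    """Return the published p= value for domain, or None if there is no record."""
    record = dns.get("_dmarc." + domain.lower())
    if not record:
        return None
    tags = dict(
        (k.strip().lower(), v.strip())
        for k, _, v in (part.partition("=") for part in record.split(";"))
        if k.strip()
    )
    if tags.get("v") != "DMARC1":
        return None
    return tags.get("p", "").lower() or None

def repost(msg, list_addr, list_name, munge_on=("reject",)):
    """Rewrite From: only when the author's domain policy is in munge_on.

    Returns True if the header was changed. Authors without a matching
    DMARC policy are re-posted with their From: field untouched.
    """
    name, addr = parseaddr(msg["From"])
    domain = addr.rpartition("@")[2]
    if dmarc_policy(domain) not in munge_on:
        return False
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via {list_name}", list_addr))
    if "Reply-To" not in msg:
        # Keep the author reachable once From: points at the list.
        msg["Reply-To"] = formataddr((name, addr))
    return True

def sample(from_hdr):
    """Build a constructed test message with the given From: header."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["Subject"] = "constructed sample"
    m.set_content("body")
    return m
```

Passing munge_on=("reject", "quarantine") widens the rewrite to quarantine policies; either way the change in the author's From: field is the same kind of change, applied to fewer messages.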