Re: DMARC: perspectives from a listadmin of large open-source lists

Dave Crocker <> Tue, 15 April 2014 00:05 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 2BB191A0671 for <>; Mon, 14 Apr 2014 17:05:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.5
X-Spam-Status: No, score=-1.5 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LPn72pOO8WqU for <>; Mon, 14 Apr 2014 17:05:24 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 80F241A04A4 for <>; Mon, 14 Apr 2014 17:05:24 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.13.8/8.13.8) with ESMTP id s3F05HHx029619 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 14 Apr 2014 17:05:21 -0700
Message-ID: <>
Date: Mon, 14 Apr 2014 17:03:18 -0700
From: Dave Crocker <>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Doug Barton <>,
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
References: <20140414024956.26078.qmail@joyce.lan> <> <alpine.BSF.2.00.1404132327560.26258@joyce.lan> <> <alpine.BSF.2.00.1404132346420.26386@joyce.lan> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 ( []); Mon, 14 Apr 2014 17:05:21 -0700 (PDT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 15 Apr 2014 00:05:29 -0000

On 4/14/2014 3:27 PM, Doug Barton wrote:
> What I AM suggesting however, and I realize that this is a hard pill to
> swallow for many IETF'ers, is that IN THE GRAND SCHEME OF THINGS mailing
> list traffic is inconsequential to large e-mail providers.

That view is popular, but it's quite wrong.

What /is/ true is that mailing list traffic by users of large mailbox 
providers, through small, independent mailing list providers, is 
probably negligible.  That's the category of primary victim of the 
recent change.

Large email providers come in a few forms.

Some provide mailbox services for gillions of users.  All such services 
focus on social networking, much of which entails some form of mailing 
list or 'group' technology, though often under the guise of different 
packaging.  All of their users are under a single domain name, which is 
always a very attractive target for unauthorized use by abusers.  The 
pressure to limit abuse of the domain is what drove the recent change.

Another major player is the ESP, which does bulk marketing/subscription 
mailings to individuals.  These are, of course, list processing engines.

And so on.

In other words, this space has some complexity and nuance to it, most of 
which is being ignored in the postings over the last week, but all of 
which is actually important to any effort at navigating the challenges 
of fighting abuse while keeping things still useful.

Unfortunately, once all that complexity and nuance is factored in, the 
proper choices and balance still aren't clear...


Dave Crocker
Brandenburg InternetWorking