Re: Will mailing lists survive DMARC?
Hector Santos <hsantos@isdg.net> Wed, 30 April 2014 13:13 UTC
Return-Path: <hsantos@isdg.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B29E81A0684 for <ietf@ietfa.amsl.com>; Wed, 30 Apr 2014 06:13:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.602
X-Spam-Level:
X-Spam-Status: No, score=-99.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_110=0.6, J_CHICKENPOX_14=0.6, J_CHICKENPOX_16=0.6, J_CHICKENPOX_46=0.6, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SzcgIoZEvs9T for <ietf@ietfa.amsl.com>; Wed, 30 Apr 2014 06:13:41 -0700 (PDT)
Received: from mail.santronics.com (secure.winserver.com [208.247.131.9]) by ietfa.amsl.com (Postfix) with ESMTP id 669211A047D for <ietf@ietf.org>; Wed, 30 Apr 2014 06:13:40 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=4090; t=1398863616; h=Received:Received: Received:Received:Message-ID:Date:From:Organization:To:Subject: List-ID; bh=zcF8R0GPQ6XSDxXzqpRzS+KNNaA=; b=OrNoUBA2weE0JIZiaGKM oX8ONFsDnTygyENP0wBbJ7HnsiAGStovihw8ICf7F7pliwuf4h8H50BvYrN4MpIH ueq8rh+dLwTK9rsAgeYQ+Us615jkjvs4v9alHTpCmV1QHuSQZjolFJlUtcOXCGFb H+mGmfWrmolvqrIdqeH7U5Y=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.4) for ietf@ietf.org; Wed, 30 Apr 2014 09:13:36 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from opensite.winserver.com (beta.winserver.com [208.247.131.23]) by winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 1972177353.3.2064; Wed, 30 Apr 2014 09:13:34 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=4090; t=1398863520; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=TzbWowt 2ZVxiZafsXNyKjE6kvC91x+ojmpah/JqXVL4=; b=b6jIiLpHIJoygdeqPHKcCPY t0DG4SzRTQPkxQTZXA0XkEngUvGGL7kmRwUx6GINnUZkTGzV4CMIeoCN1J5RTSPO g5fjhTjG64xKagMvObfApzXRherD3fGbiDm4IgRL9gha9cAtJNtPSNHze28gz11G vf5uxguzv9QjS8k+AQMA=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.4) for ietf@ietf.org; Wed, 30 Apr 2014 09:12:00 -0400
Received: from [192.168.1.2] ([99.121.4.27]) by beta.winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 1991697015.9.11956; Wed, 30 Apr 2014 09:12:00 -0400
Message-ID: <5360F6FD.1030502@isdg.net>
Date: Wed, 30 Apr 2014 09:13:33 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Alessandro Vesely <vesely@tana.it>, John C Klensin <john-ietf@jck.com>, ietf@ietf.org
Subject: Re: Will mailing lists survive DMARC?
References: <20140429124528.GA1324@mx1.yitter.info> <alpine.DEB.2.02.1404291502320.29282@uplift.swm.pp.se> <535FA739.3060608@dcrocker.net> <alpine.DEB.2.02.1404291524500.29282@uplift.swm.pp.se> <14DE2BC840FF3B8AA4A167EC@JcK-HP8200.jck.com> <5360DD52.1020108@tana.it>
In-Reply-To: <5360DD52.1020108@tana.it>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/c1DY5dwqpYNr-W19YG63yNeXZrE
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Apr 2014 13:13:43 -0000
On 4/30/2014 7:24 AM, Alessandro Vesely wrote: >> So, as a purely hypothetical set of questions (I am not >> recommending anything), I wonder what would happen if some of >> the people who have been claiming they or the general public are >> harmed by this would, instead of asking what the IETF can do >> about something that is not an IETF Standard, went to their >> local "competitiveness" or "antitrust" authorities, explained >> the situation and started complaining? > > I'm neither a lawyer nor an ML admin, so I'm not going to claim > damage. Yet, like most of us, I'll be harmed if MLs stop working well. > This was only a surprise to the people we were resistance to adding policy support. Author Domain Policies had the same "know your network" migration issues SPF did. Domains had to adjust by switching to more relaxed domains to participate in a public networking arena. I did the same. I remove all public usage of company's exclusive domains santronics.com and winserver.com and switched them to isdg.net where its a more relaxed author domain policy and one I can use to explore with. Everyone serious about this stuff were aware of this stuff for nearly 9 years. Besides, it was written in the DKIM abstract with its questionable "responsibility" semantics which I kept saying it really needs to get removed or get rephrased. DomainKeys Identified Mail (DKIM) permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message. If you are going to ask domains to begin signing, put investment in it, then why would anyone thing they would not want to invest in protecting the signature, and thus the message? The only way to do this was with the original proof of concept -- AUTHOR DOMAIN SIGNING POLICIES! Hate yelling it but is seems to be a central key point in all this forgotten. Of course, the other argument could be that we don't want such strong and food for legal eagles semantics in our docs. We continue to face this passé mail design attitude for relaxation, incremental changes, yet, the problems do not get resolved this way. Without the strong semantics, you can't deal with the legacy abuse mail operations. You lack a payoff. DMARC has forced that "relaxed" mail design mentality to change for the IETF. >> I also wonder whether the IETF and ISOC have, or should seek, legal >> advice about how to keep adequate distance between themselves and >> this situation should some relevant jurisdiction initiate an >> investigation or enforcement action. > > Rather than rebuffing responsibility, I'd expect the IETF to invent > something new, which works much like ML used to, but is compatible > with DMARC. Yes, we may continue to call them "mailing lists". The > alternative, to blame domains which follow the leading trend, doesn't > seem to be very promising... They keep saying they don't think think the MLS needs to change, too historic. Its ok to add DKIM, but not Policy? I don't buy it. I'm a long time MLS developer we have hundreds of operators with list operations. It didn't make sense to me why you would add something that was half-ass complete. Probably explains I'm one of the few implementators, if not the only one, of DKIM+POLICY (ADSP, ATPS) n a mailing list server product. Adding DMARC is not going to be a problem. It remains the same, it will be just like before with ADSP with the end of the day setup semantics: p=reject is only for EXCLUSIVE domains for SYSTEM-WIDE application. p=quarantine is only for EXCLUSIVE domains for PER USER (junk bins) application. p=none is for all, but with unknown handling. If that is how it needs to be doc for my sysops, so be it. The only issue would be to add a deployment option for p=reject [X] Enable DMARC (o) p=none (_) p=quarantine (_) p=reject (o) SMTP Reject with response ____________________ (_) Accept and discard (_) Accept and keep Or something like that. -- HLS
- Will mailing lists survive DMARC? Alessandro Vesely
- Re: Will mailing lists survive DMARC? Mikael Abrahamsson
- Re: Will mailing lists survive DMARC? Patrik Fältström
- Re: Will mailing lists survive DMARC? Mark Andrews
- Re: Will mailing lists survive DMARC? Andrew Sullivan
- Re: Will mailing lists survive DMARC? Patrik Fältström
- Re: Will mailing lists survive DMARC? Mikael Abrahamsson
- Re: Will mailing lists survive DMARC? Dave Crocker
- Re: Will mailing lists survive DMARC? Mikael Abrahamsson
- Re: Will mailing lists survive DMARC? Dave Crocker
- Re: Will mailing lists survive DMARC? Alessandro Vesely
- Re: Will mailing lists survive DMARC? Måns Nilsson
- Re: Will mailing lists survive DMARC? John C Klensin
- Re: Will mailing lists survive DMARC? Livingood, Jason
- Re: Will mailing lists survive DMARC? John Levine
- Re: Will mailing lists survive DMARC? S Moonesamy
- Re: Will mailing lists survive DMARC? John Levine
- Re: Will mailing lists survive DMARC? Patrik Fältström
- Re: Will mailing lists survive DMARC? Hector Santos
- Re: Will mailing lists survive DMARC? Douglas Otis
- Re: Will mailing lists survive DMARC? Murray S. Kucherawy
- Re: Will mailing lists survive DMARC? Murray S. Kucherawy
- Re: Will mailing lists survive DMARC? John R Levine
- Re: Will mailing lists survive DMARC? Douglas Otis
- Re: Will mailing lists survive DMARC? Hector Santos
- Re: Will mailing lists survive DMARC? Alessandro Vesely
- Re: Will mailing lists survive DMARC? Hector Santos