Re: Realistic responses to DMARC

Theodore Ts'o <tytso@mit.edu> Mon, 19 December 2016 00:54 UTC

Return-Path: <tytso@thunk.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57AA212940F for <ietf@ietfa.amsl.com>; Sun, 18 Dec 2016 16:54:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5
X-Spam-Level:
X-Spam-Status: No, score=-5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=thunk.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5DMQZwsAhSDD for <ietf@ietfa.amsl.com>; Sun, 18 Dec 2016 16:54:44 -0800 (PST)
Received: from imap.thunk.org (imap.thunk.org [IPv6:2600:3c02::f03c:91ff:fe96:be03]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 064791289C4 for <ietf@ietf.org>; Sun, 18 Dec 2016 16:54:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date; bh=PLPPGj5BJW64pfZSVrZU0HvRAW2bOqJGslMqtDW0CX8=; b=cKtqJOIUDg5PIRBN3sOAHtBlHopLrV6/mKXUR1WRM5atTOzGmZXnabCcd3x8LJ1NEUq5wLtUjpHHsmATX8FuvbhDuyesddrP/80WYH+bWyYn1t8m0QWEbBSsS4w+ucuesG1r7qEzXlURxvn0ytdd7PlAuMJS4+PsgfK249yVV3c=;
Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.84_2) (envelope-from <tytso@thunk.org>) id 1cImDy-00083W-8f; Mon, 19 Dec 2016 00:54:42 +0000
Received: by callcc.thunk.org (Postfix, from userid 15806) id 6364DC00788; Sun, 18 Dec 2016 19:54:11 -0500 (EST)
Date: Sun, 18 Dec 2016 19:54:11 -0500
From: Theodore Ts'o <tytso@mit.edu>
To: John R Levine <johnl@taugh.com>
Subject: Re: Realistic responses to DMARC
Message-ID: <20161219005411.w5tmps5i46lnkydy@thunk.org>
References: <9AD6AAD6812D3B9F8379226B@PSB> <20161218022823.8779.qmail@ary.lan> <20161218055834.he6gkupqp5xqlvml@thunk.org> <alpine.OSX.2.11.1612180101460.14297@ary.qy> <20161218065905.5g66jgkvtckydmry@thunk.org> <alpine.OSX.2.11.1612180215450.14970@ary.qy> <20161218222427.7phtcg7mhpypcwnb@thunk.org> <499b8679-37bc-36eb-3ac8-9d99570f42df@dcrocker.net> <alpine.OSX.2.11.1612181857510.19758@ary.qy>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.OSX.2.11.1612181857510.19758@ary.qy>
User-Agent: NeoMutt/20161126 (1.7.1)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/l67Z-4v9YRCt_uKA1UvAjDB6qZA>
Cc: IETF general list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Dec 2016 00:54:45 -0000

On Sun, Dec 18, 2016 at 07:01:29PM -0500, John R Levine wrote:
> > Ted, you are ascribing more concern about this by the providers than I'm
> > seeing.
> 
> Having talked to many of the same people at large mail providers that Dave
> has, and also done some policy work for more than one of them* I have to
> agree.  Google has on the order of a billion mail users, and the other large
> providers have hundreds of millions.  The idea that they would weigh those
> users against at most a few thousand people doing Linux or the IETF just
> isn't plausible.

And yet, vger.kernel.org is not rewriting its From field, and we have
hard numbers that the number of developers for the Linux Kernel are
not decreasing...

Maybe it's because certain mail providers are not actually honoring
the the DMARC spec by not rejecting mailing list mail from p=reject
domains unconditionally, maybe it's because peoeple have switch mail
domains in order to successfully participate at vger.kernel.org, or
maybe it's a little of both.

Or maybe it's because most companies aren't using DMARC, and any of
the developers are either coming from company addresses, as opposed to
using a lot of big consumer mail providers (which might very well be
the case for the IETF as well).  Speaking of company addresses, one
interesting case study which shows the economic power of Linux was
that it actually caused IBM to except Linux Technology Center members
from having to Lotus Notes (which given the power of IBM Software
Group at the time, was in my opinion a far bigger sign of power than
IBM deciding to invest a billion dollars in Linux).  If you wanted to
interact with the rest of the Linux Community, you weren't going to be
using Lotus Notes.  And guess what; an alternative was provided.  It
had nothing to do with Linux being a cult.  It had to do with a very
simple business decision.

I really do believe the IETF is underestimating how much power it has;
even if it can't move the big consumer mail providers, developers who
want to interact with the IETF will find a way.... and if not, maybe
the IETF doesn't have the power to be an effective standards
organization any more.  (Which certainly seems to be true in the
e-mail space, anyway....)

						- Ted