Re: DMARC: perspectives from a listadmin of large open-source lists

Doug Barton <> Mon, 14 April 2014 22:28 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 6B9CB1A077F for <>; Mon, 14 Apr 2014 15:28:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.426
X-Spam-Status: No, score=0.426 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.272, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zviQ9j0DdJ1h for <>; Mon, 14 Apr 2014 15:27:56 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 33F931A077C for <>; Mon, 14 Apr 2014 15:27:56 -0700 (PDT)
Received: from [] (unknown []) by (Postfix) with ESMTPSA id 6F73A22B1A for <>; Mon, 14 Apr 2014 22:27:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; t=1397514473; bh=QUiLW2oanhg3xeX0HK1xvwUiSudrD3Ru1d3kCoz3MA8=; h=Date:From:To:Subject:References:In-Reply-To; b=aKD3niE/cn6jkLoI4AlHmz6m9vs9UnTz1rKvnfrjm/w9hoRFDU83O1LvomWc6u50n d6fRJgy3fYTpfVqGMxd0FHlg+MeiO+/NGt63ewrGle2oREIs2u6ZEJcnvDXQiNGuTV /VwGwEIcgIlssutmdBu/dz6DU0Yd87Bj2D6+vP1Q=
Message-ID: <>
Date: Mon, 14 Apr 2014 15:27:48 -0700
From: Doug Barton <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
References: <20140414024956.26078.qmail@joyce.lan> <> <alpine.BSF.2.00.1404132327560.26258@joyce.lan> <> <alpine.BSF.2.00.1404132346420.26386@joyce.lan> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.6
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 14 Apr 2014 22:28:00 -0000

On 04/14/2014 02:14 AM, John C Klensin wrote:
> --On Monday, April 14, 2014 01:08 -0700 Doug Barton
> <> wrote:
>>> But this takes us back to Ned's point (or at least my
>>> interpretation of it): it is lots easier to fix a bad DMARC
>>> config, ignore restrictive DMARC specifications, or even to
>>> abandon DMARC entirely, than it is to believe that we can
>>> upgrade every MTA and MUA on the network to start accepting
>>> percent hacks, bang paths, or the syntax characters used to
>>> denote them, again.  Or any other strange local-part syntax
>>> anyone is likely to come up with, e.g., perhaps we could use
>>> plus signs, hyphens, or appropriately-escaped backslashes.  Or
>>> we could steal "/" and "=" back from X.400 gateways.  Right.
>> Well + is out, since that's used by various local filtering
>> solutions.
> Doug, I think you are missing my, and probably John Levine's,
> attempts at humor.

Not so much "missing" it as ignoring it because I'd rather focus on 
finding a solution than on dark sarcasm.

>  Let me spell it out:

... yes, I get all of that, which is why I didn't suggest any of those 
characters. I also specifically didn't suggest ! because I didn't want 
to look like a throwback to UUCP.

> The bottom line is that trying to work around this by a trick
> syntax convention is really hard, unlikely to succeed, and quite
> likely to result in legitimate messages disappearing and/or
> breaking existing conforming systems.

.... which is why I'm suggesting open conversation to try and avoid 
those pitfalls. I would also like to make sure we are scoping the 
problem correctly when you say "working around _this_." John Levine has 
already attempted to derail the concept I'm actually proposing by 
arguing against something I'm not.

And while even the problem I'm actually proposing to solve is hard, 
complaining about it the fact that someone else broke mailing lists is 
definitely not going to solve it.

>> But your point is well taken ... the "right" answer may be to
>> fix or discard DMARC, I honestly don't know. But in a world
>> where DMARC is here to stay, or if not DMARC then some other
>> anti-spam solution that breaks mailing list forwarding; and in
>> that same world where mailing list traffic is negligible (and
>> therefore the cost of breaking mailing lists is in the noise
>> compared to the benefits of deploying said anti-spam solution)
>> it's incumbent on the mailing list software folks to solve
>> this problem.
> I'm going to risk more humor and suggest that everyone who
> believes that mailing list traffic is negligible and the cost of
> breaking them is in the noise should be immediately unsubscribed
> from all IETF-related lists, including this one.

John, if you want me off this list just say the word.

Meanwhile, *I* was not suggesting that mailing list traffic is 
unimportant, I get at least a hundred messages a day from various lists, 
and it constitutes the vast majority of my daily electronic communication.

What I AM suggesting however, and I realize that this is a hard pill to 
swallow for many IETF'ers, is that IN THE GRAND SCHEME OF THINGS mailing 
list traffic is inconsequential to large e-mail providers. It's a small 
percentage of the overall traffic they process, and AS A RESULT Yahoo!'s 
calculus clearly reached the conclusion that even though they knew they 
were going to break traffic from some percentage of their users, the 
overall benefit was worth it to them. We may not like to hear that, but 
it IS the reality. If we're going to be serious about the E in IETF 
we're a lot better off starting from the world of reality, rather than 
the world we wish we lived in.

So even if we were somehow able to magically fix DMARC today so that 
list traffic works perfectly with it, tomorrow another anti-spam 
solution is going to come along that is better than DMARC, and mailing 
list traffic as it exists currently won't work with it. The tail will 
not be wagging the dog here, the mailing list software has to be fixed 
if we want to solve this problem.