Re: DMARC methods in mailman --- [LEDE-DEV] DMARC related mass bounces / disabled subscriptions (fwd) Jo-Philipp Wich: [LEDE-DEV] DMARC related mass bounces / disabled subscriptions
Dave Crocker <dhc@dcrocker.net> Sun, 18 December 2016 02:38 UTC
Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CC8B129470 for <ietf@ietfa.amsl.com>; Sat, 17 Dec 2016 18:38:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dcrocker.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2BWtIF2frpGo for <ietf@ietfa.amsl.com>; Sat, 17 Dec 2016 18:38:18 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3498B129460 for <ietf@ietf.org>; Sat, 17 Dec 2016 18:38:18 -0800 (PST)
Received: from [192.168.1.168] (76-218-8-128.lightspeed.sntcca.sbcglobal.net [76.218.8.128]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uBI2dToI027980 (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for <ietf@ietf.org>; Sat, 17 Dec 2016 18:39:29 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dcrocker.net; s=default; t=1482028770; bh=9/3nmVd6qxl86OkFg/sRMtF21gWZ/H5qUVFFwNPJnZ4=; h=Subject:References:From:To:Reply-To:Date:In-Reply-To:From; b=ciEM4T9Qb7bEc9oeNgrePhbhMGSg03f1wVGgfu/5g4MAQA4bv2C6ulBBlFtRShPhu 6KGwy+gkVeRfyO7kjmshSdKnME4yJ2yeJvamphtB3QG7b3ZRf53A2UQfXpRP5Xo8iV y4gYceRCBCfkXD6nGytZW45OgbvSAHPoo/O1r9yQ=
Subject: Re: DMARC methods in mailman --- [LEDE-DEV] DMARC related mass bounces / disabled subscriptions (fwd) Jo-Philipp Wich: [LEDE-DEV] DMARC related mass bounces / disabled subscriptions
References: <25431.1481725548@obiwan.sandelman.ca> <5EF6F271-1CF7-4981-8E83-C7A7B49DB8F2@gmail.com> <CDE8A76C-ECD7-4370-9823-3C78144A8850@nohats.ca> <24005.1481827604@obiwan.sandelman.ca> <alpine.LRH.2.20.1612151513060.15183@bofh.nohats.ca> <20161216202704.glz5vgu773gqqgvm@thunk.org> <20161216203905.GD13486@mournblade.imrryr.org> <01Q8KHVOKE2C011H9Q@mauve.mrochek.com> <m21sx6u8sb.wl-randy@psg.com> <6D2E8F8E-1B02-46EA-B202-D23E5385CFF5@gmail.com> <20161217151451.hx5co6mjqmi2jakg@thunk.org> <13749.1482005985@dooku.sandelman.ca> <fe75a2a0-6127-d29a-8259-a82ddbbc966f@gmail.com>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
To: IETF discussion list <ietf@ietf.org>
Message-ID: <77efae9d-a550-af05-4194-809887f5cc9d@dcrocker.net>
Date: Sat, 17 Dec 2016 18:38:07 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <fe75a2a0-6127-d29a-8259-a82ddbbc966f@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/vPXoBaktYgVrzGstf5_2OvkzRXY>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Dec 2016 02:38:19 -0000
On 12/17/2016 2:14 PM, Brian E Carpenter wrote: > I don't. Accept the posting but also send a friendly warning seems to do less damage. > >> The DMARC policy is not to forward, and we should respect it. > Why does DMARC, which is a broken solution, deserve that much respect? > >> When ARC gets standardized, we should implement it. > Assuming it solves the problem, sure. But if it doesn't, the problem will > get much worse. Folks, I am probably more frustrated about the expanded use of DMARC than most folk, since I participated in creating the DMARC spec. For the constrained scenario that motivated its design -- let's call it b2c -- it works pretty well. The expanded use -- let's call that c2c -- was initially the ad hoc choice of one service provider, but it turns that quite a few others also like it: there is a broad-based belief in that community that aggressive requirements for author authentication will alleviate many abuse problems. On the average, the downsides of that view do not resonate in that community. At any rate, the expanded use is what's causing the problems. There are some realities that folk should note, when forming their opinions about this problem: 1. There is nothing 'broken' about DMARC. There is a problem with a particular use of it, but the mechanism, itself, works as designed. 2. Mailing lists have always been an odd architectural wrinkle. (I commend RFC 5598 to anyone interested in the formalities.) An author sends a message to the list address. The message gets /fully/ delivered; that is, it goes into the mailbox specified by the mailing list address. The mailing list posts a new message. Whether the mailing list retains all, or only almost all, of the original message, and even all of the original envelope (except a new envelope addressee list) it is a new message: And this is worth repeating: if the message undergoes any changes beyond classic, minimal MTA addition of tracing information, the message being sent is a new message. But the user-level experience is of an author sending to a collection of end recipients. The users don't really experience this as a re-posting. But the reason it's important to understand that it is, indeed, a different message than what the author posted is that mailing lists can and do do all sorts of damage to the original. The essential challenge in trying to accommodate a mechanism, like DMARC, that is designed to work within one posting/delivery sequence, when there is more than one, is that we don't currently know how to make it fully seamless. 3. The folk using DMARC are not violating any rules. Some are causing problems for some of their users and some of the folk that their users interact with, but that's different than saying they are violating a protocol, or the like. 4. The folk using DMARC for c2c are not seeing a significant problem from that use and they do report significant benefit. Sitting here in the IETF, we might not like their assessment, but it's their business, not yours or mine. 5. The IETF has no meaningful leverage over those service providers. Any thoughts about what to do should keep that in mind. 6. Any thoughts about what to do should pay very close attention to who has to take action, how considerable that action is, how long it is likely to take for that action to happen, and what their incentives are for taking that action. And remember that all of this has to satisfy business concerns, not good-neighbor appeals. 7. The providers' affected users have no leverage on their providers. None. 8. It is easy to tell those providers' users that they should go to a different provider, but take a look around for choices of consumer email providers: there are precious few choices on the Internet today. And for the affected consumers, they need a free, well-run provider who operates at scale. 9. ARC is expected to help this situation, but I suspect it won't be as much help as anyone would like. At the least, it requires adoption by both the mailing lists and the receiving MTAs, and that's a lot of adoption to require. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
- DMARC methods in mailman --- [LEDE-DEV] DMARC rel… Michael Richardson
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Yoav Nir
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Paul Wouters
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Dave Crocker
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Michael Richardson
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Michael Richardson
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Paul Wouters
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Theodore Ts'o
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Viktor Dukhovni
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… ned+ietf
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Randy Bush
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… S Moonesamy
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Rich Kulawiec
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Yoav Nir
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Randy Bush
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Theodore Ts'o
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Ted Lemon
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Ted Lemon
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… S Moonesamy
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… John C Klensin
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Michael Richardson
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… John C Klensin
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Brian E Carpenter
- Re: Realistic responses to DMARC John C Klensin
- Re: Realistic responses to DMARC John Levine
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… John Levine
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Dave Crocker
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Theodore Ts'o
- Re: Realistic responses to DMARC Theodore Ts'o
- Re: Realistic responses to DMARC John R Levine
- Re: Realistic responses to DMARC Theodore Ts'o
- Re: Realistic responses to DMARC John R Levine
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… S Moonesamy
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Rich Kulawiec
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Viktor Dukhovni
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Dave Crocker
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… John C Klensin
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Brian E Carpenter
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… John C Klensin
- Re: Realistic responses to DMARC Andrew G. Malis
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… John Levine
- Re: Realistic responses to DMARC Theodore Ts'o
- Re: Realistic responses to DMARC Dave Crocker
- Re: Realistic responses to DMARC John R Levine
- Re: Realistic responses to DMARC Theodore Ts'o
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Brian E Carpenter
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… John R Levine
- Re: Realistic responses to DMARC Michael Richardson
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Michael Richardson
- Re: Realistic responses to DMARC Michael Richardson
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Michael Richardson
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Brian E Carpenter
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Viktor Dukhovni
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Harald Alvestrand
- Re: Realistic responses to DMARC Yoav Nir
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Michael Richardson
- Re: DMARC methods in mailman --- [LEDE-DEV] DMARC… Viktor Dukhovni
- Re: DMARC methods in mailman Hector Santos
- Re: Realistic responses to DMARC Alexey Melnikov
- Re: Realistic responses to DMARC Dave Cridland
- Re: Realistic responses to DMARC Ted Lemon