It will certainly be an unpopular thing to say but I will say it: Protocols wear out over time.
We have patched SMTP again and again and again and at this point there are more patches than protocol and there are holes we simply can't fix because we have reached the limit.
I now have running code for my alternative messaging system but it is not a replacement for mail, it is a messaging system for secure interactions like 2FA, payments, contact exchange, etc. I do not plan to do mail for quite a while.
Mailing lists are a completely separate problem to mail messaging. You are crossing the streams, do not do that unless you want bad things to happen.
For mailing list delivery, just switch to NNTP, someone has a gateway. it worketh and it delivereth and there is no patch we can make to the SMTP mail system that will be as convenient.
On Thu, Apr 28, 2022 at 6:30 PM Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote:
On 4/28/22 18:11, John Levine wrote:
> It appears that Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> said:
>> Also, why should it be a dark art to have legitimate email successfully
>> delivered?
> Because spammers try very hard to make their mail look like legitimate
> mail, and unlike you, they have a financial incentive to figure out
> and evade the filters.
>
> It may not seem fair, but it's reality. I would like to be able to set
> up my new nice mail server and send my nice mail without having to do
> SPF and DKIM and DMARC and MTA-STS and TLSA and IP reputation and
> while I am waiting I would also like a pony.
It's generally been my experience that people say "it's reality" in the
same way that people sometimes say "it is clear that..." ... i.e. when
they can't actually justify what they're saying, or they don't have the
imagination to see how things could be different, or maybe, when they
have an interest in maintaining the status quo. It's a red flag, an
anti-pattern.
But you didn't actually answer my question. Because getting your mail
delivered is not just a matter of doing SPF and DKIM etc., it's black
magic. It's jumping through hoops that most people don't know exist,
and the people who impose those hoops want to keep them somewhat
secret... until they can impose more hoops.
Which is great if you're in the hoop selling business I guess.
It's a deplorable situation, and IETF shouldn't be propping it up.
Keith