On Mon, Apr 14, 2014 at 6:59 PM, John R Levine <johnl@xxxxxxxxx> wrote:
Having been involved in things like SPF, DKIM, ADSP, etc. over the years, I can say that mailing lists always recur as a major obstacle. "Lists have been doing what they're doing for N years and they work fine. You don't get to mess with them." That's the mantra.
I've never said that lists won't change, I've said that we're not going to screw them up to work around your FUSSP.
It would be great if it were more of a dialog rather than a repeated exercise in intransigence. I guess when you're a list, everything looks like a FUSSP.
Having been involved in things like SPF, DKIM, ADSP, etc. over the years, I can say that mailing lists always recur as a major obstacle. "Lists have been doing what they're doing for N years and they work fine. You don't get to mess with them." That's the mantra.
In DKIM, we even did a whole separate RFC to talk about all the fun ways lists are a special case.
The specifications of 30 years ago included some neat capabilities for communication, some of which mailing list servers employ to do what they do. I mean, I get that being able to put whatever you want in the From: field is a feature. Honest, I do. But meanwhile, increasingly, bad people use the very same capabilities to do their hugely expensive harm. Is it really the case that the benefit mailing lists (as they are today anyway) bring to the Internet outweighs the harm of leaving these capabilities wide open?
There are probably earlier examples, but remember the finger protocol? In 80s and 90s, it was on, and it was harmless, maybe even useful. Then it started to get abused and exploited, so we collectively turned it off because the damage outweighed the benefit. That practice has been applied countless times since, to any service that gets rolled out in any context you can imagine that then gets discovered and exploited by bad actors: We fix the vulnerability, or we kill the service. We don't believe in "substantial non-infringing use" as a reason to keep something bad online. I can't think of an instance where that's not the case except email abuse, because we protect mailing lists, which have enjoyed apparent immunity despite ever-increasing pain to the victims of that abuse with no solution in sight.
So why do lists get the privilege of being immutable? Can't there be some quid pro quo? Do the people with the problem also have to come up with the solution, preferably maintaining the status quo for lists, or could it maybe be more of a cooperative brainstorming thing? Is it really totally inconceivable and unacceptable that there has to be some evolution here?
And before anyone tries to claim it, I'm not saying lists are second class actors, nor am I making any kind of claim about traffic percentage. I would just like to understand when and why they were granted this protected status in standards work that they appear to enjoy.
-MSK