On 04/18/2014 05:33 PM, Ned Freed wrote: >> On 04/18/2014 07:47 AM, Ned Freed wrote: >>>> I said: Rather than throwing up our hands and telling the DMARC >>>> folks that we refuse to work with them unless their solution >>>> solves the problem of our anachronistic use case that that >>>> constitutes only a tiny percentage of their overall traffic; >>> >>> Again with the traffic size as justification for poor behavior. >>> Not all messages are created equal, and some functions have >>> utility entirely disproportionate to the amount of bandwidth they >>> use. > >> Right, so the input here from the operators is, "Mailing list >> traffic is not important enough to us to prevent us from deploying >> an anti-spam solution that solves the vast majority of our problems >> with little cost or difficulty. The MLM software authors will have >> to deal with this problem on their end." And your response is to >> stamp your feet and shout, "But my mailing list traffic IS >> important! It is, IT IS!!!!!" > > I really have to wonder where you got enough straw to build a > strawman of this size. If you actually, you know, read what I've been > saying, it has been that this was handled extremely poorly by the > IETF. Just not in the way you happen to believe. > > Your view of what happened, who the operators actually are and what > their positions are, and what the likely consequences are going to be > are somewhere between a gross oversimplifications and looney tunes. > But I must say they are amusing.
First, I acknowledge that you seem to be interested in addressing the IETF's failings, the problem is that small matter of disagreement on what those failings are. You say that my version of events is "looney tunes," and yet there is "rough consensus and running code" backing it up.
What is this "rough consensus and running code of which you speak?" My understanding of that phrase has always been that it refers to the assessment of documents within the IETF process. Exactly how is that supposed to apply to independent documents such as this one? And if you're talking about there being a consensus among serevice providers regarding the use of p=reject in the fashion of AOL and Yahoo, I've seen absolutely no evidence of that. Indeed, I've seen exactly the opposite. Our customers tend to be very large concerns, and while I cannot get into specifics for obvious reasons, I can assure you that they are not all hunkey-dorey with what Yahoo and AOL are doing.
Even before AOL joined the p=reject team, but much more so now.
Seriously? A move by a single provider, now joined by another, represents some sort of industry consensus?
It's incredibly obvious that the IETF either didn't listen to, or didn't act on clear messages from the operator community on this topic.
Well, here I sort of agree. What the IETF didn't do is react to the danger this posed in a timely way. Either on a technical or political level.
Trying to re-paint the failure as one of process (or whatever weird rathole you appear to be willing to travel) doesn't help the situation at all.
And that means... what, exactly? Of course fixing process issues after the fact aren't going to help the present situation any.
For this issue what would help is for the IETF to admit its failure, and take in hand the problem of solving mailing list delivery for DMARC protected domains (along with the MLM software authors of course). If there are other places where DMARC has weaknesses that can be shored up, let's tackle those too.
Again, what part of "unwilling to make any changes" did you not understand?
What won't help is sitting on the sidelines and whinging that the "DMARC cabal" "doesn't get it" and has to listen to us about how it should conduct their business.
Of course it wouldn't help. Which is why I never did that.
Because not only do they clearly not have to do that, they are not doing it. You will see more and more large mail providers implementing p=reject because it's good for them, and the fallout from Yahoo!'s implementation has been marginal (from their perspective).
I have no doubt that some other providers who have mixed business transaction mail on the same domain with personal email will follow suit. I'm skeptical this will extend to those like Google who have kept them separate, or providers that focus on providing personal mail accounts. Only time will tell.
From a larger perspective it would be very useful for the IETF to take this message to heart in other areas, like say ... DHCPv6. But I digress. :)
> Wrong again. The evidence shows clearly that the IETF did listen, to > this group at least. Where the IETF failed was in not looking at the > big picture and likely consequences, which I'm afraid is not laid out > along the axis of "big operators all supporting DMARC" versus "tiny > insignificant list maintainer stick-in-the-muds".
I'm not sure who you're defining as "the IETF" in this context, but the record seems to show that there was a non-zero number of people telling the DMARC folks that their spec should not be implemented because it doesn't solve the mailing list problem, among others. So rather than listening to the operators and working to solve the MLM problem, there was whinging, and intransigence. I don't care how you want to characterize the problem, the failures of communication and inaction are pretty clear.
Suffice it to say I don't see it that way. And with this reply I'm done with this conversation. You have a view of the email world as well as the events that have transpired that is so completely at odds with reality that this is no point in further discussion with you. Ned