On 21/07/2014 04:12, John C Klensin wrote: > > --On Monday, 21 July, 2014 02:03 +1200 Brian E Carpenter > <brian.e.carpenter@xxxxxxxxx> wrote: > >> On 21/07/2014 01:26, Michael Richardson wrote: >>> Regardless of how/if/why/when we process DMARC as a >>> specification, we need to decide how ietf.org MTA is going to >>> deal with things. >>> >>> 1) someone has to fund changes to mailman, and perform >>> testing, installation, and community education for the IETF >>> mailing lists. That implies that we have to decide *for >>> ourselves* where and how we will "break" the DMARC/DKIM >>> connection, and if we will reject email from p=reject >>> senders before we attempt to relay. >> I thought the preferred solution was to rewrite the From for >> those users only. > > Brian, > > I think that remains controversial. At least some of us would > prefer that we scan IETF lists for addresses that might be > affected, notify those people that they will no longer be able > to send to IETF lists from those addresses, Yes, of course, and I've done that for the IETF lists I administer, as far as possible. As a practical matter, though, I would selectively rewrite rather than throw people off. I'd like to have that choice. > and then, while we > would continue to deliver traffic to them to the degree > feasible, any traffic originating from them would simply be > rejected or bounced by mailman. That requires changes and some > tool work too, but puts the pain where it belongs -- on the > DMARC-using systems and those who choose to have addresses on > then. > > I have mixed feelings about recommending that strategy for the > more general community and am happy to let the proposed WG do > its job, but, as far as the IETF community is concerned, we are > all presumably capable of understanding the issues and finding > other addresses if needed. I would hope so, but changing one's address is a significant nuisance. So I'd like a choice of pragmatic solutions while we wait. Brian