--On Thursday, November 03, 2016 14:24 -0400 "Andrew G. Malis" <agmalis@xxxxxxxxx> wrote:

>...
>> And regarding Terry's previous paragraph, while I'm by no means an
>> expert on DMARC (or mailman for that matter), a bit of
>> googling tells me that there are more recent versions of
>> mailman than what the IETF is currently using that support
>> DMARC mitigation. See, for example,
>> http://www.spamresource.com/2016/09/dmarc-support-in-mailman.html . Hi Steve!
>
> The site goes on to say:
>
> "If you don't take any action here, you're leaving a subset of
> your potential subscribers out in the cold. Making them second
> class citizens, unable to participate in the mailing lists
> you're hosting. Be kind, and don't beat up Yahoo users because
> of a domain policy that Yahoo choose to implement (and that
> Yahoo user is stuck dealing with)."
>
> I certainly agree with that sentiment. And it's not the
> DMARC WG that's responsible for IETF email list support,
> it's the admin staff at AMS that are the ones "caught in
> the middle".

Andy (and others),

We are beginning to move away from protocols and toward philosophy here. Maybe that is as it should be, so, from the perspective of someone who probably belongs on John Levine's list of people who have been thinking about email for a really long time, some observations.

First, we got here because a small collection of email service providers got together and developed and deployed a piece of protocol that, among other things, ignored the implications of that protocol (or some of the configurations that were possible with it) for mailing lists as we have traditionally understood them. I don't have any reason to believe it was relevant to their decisions, but I note that the providers involved all run their own "groups", "forums", etc., as an alternative to traditional Internet email-based mailing lists.

Second, there are a number of aspects of our email architecture that assume users have both a trust relationship with, and some control over, their email service providers. There are aspects of POP3 and IMAP4 that make no sense without that assumption and many antispam activities and actions would be serious violations of the standards in the absence of that assumption. Nothing prevents a user from agreeing with a provider that, in return for "free" email service, that provider gets the right to decide what messages the user can receive or send, to scan messages for content of interest (e.g., to determine user interests for advertising purposes), to make unilateral decisions about whether messages or message trace information should be revealed to others, and to change the rules after that user is thoroughly locked in. The IETF can't protect users from such agreements and we probably shouldn't try even if we could. That doesn't mean I am willing to agree to that -- I won't and, if I ever decide to outsource my mail services, it will be to someone to whom I pay money and from whom I can get an appropriate SLA because free lunches make me nervous.

One of the things that make the IETF community (and, I assume, Ted's Linux developer community) different from the general user community is that the proportion of people with attitudes like mine is a lot higher than in that general population of Internet users. Another is that we get to assume a sufficient level of clue to at least understand the tradeoffs mentioned above. So, while "that [random] Yahoo user" has my sympathy, those who want to participate in, and contribute to, the IETF get a lot less of it if they can't figure out where to find and how to use a mail system that conforms to our standards rather than something made up by a handful of mail providers to serve their own needs, no matter how many customers/users/victims they have.

Finally, I'd like to suggest people who have been involved in this debate think about something even if it seems far-fetched. Suppose some vendors and/or ISPs got together and agreed on an improvement to IP that would have the side effect of making things better for their customers but worse for some others. Would the IETF be scrambling around trying to modify IP to make the pain for the non-customers somewhat less, perhaps in the process helping to pressure other vendors and ISPs into conforming to the "new" protocols? We've got a partial answer with ISPs giving preference to some content providers over others with the "net neutrality" debate, something many of us have recognized as an abuse of market power fundamentally inconsistent with network principles, but the differences between that case and the DMARC one may be less significant than might appear at first glance.

I'm still looking forward to ARC and any other approaches that move us forward with solutions to what I assume we all recognize as a real problem. But I think we need to be much more cautious about "solutions" that make Internet mail work less well as well as ones that mitigate problems in ways that may retard real solutions.

john