Re: DMARC methods in mailman --- [LEDE-DEV] DMARC related mass bounces / disabled subscriptions (fwd) Jo-Philipp Wich: [LEDE-DEV] DMARC related mass bounces / disabled subscriptions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/19/2016 03:19 AM, Michael Richardson wrote:
> Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote:
>     >> > Yeah, it's the "sometimes mail gets lost" problem which is the main
>     >> > issue.  So it might actually be better to have the mailing list
>     >> > software refuse to accept a mailing list posting from a domain with a
>     >> > DMARC record, and it can be bounced back to the sender immediately
>     >> > with a "sorry, try again using some e-mail address that does not have
>     >> > DMARC support".
>     >>
>     >> I really think that this is the right answer for our community.
>
>     > I don't. Accept the posting but also send a friendly warning seems to do less damage.
>
>     >> The DMARC policy is not to forward, and we should respect it.
>
>     > Why does DMARC, which is a broken solution, deserve that much respect?
>
> rfc7489 is Informational, via ISE. Not WG or IETF consensus, it's true.
> Perhaps the IESG should have blocked it, saying it was a run-around, I don't
> know.  Lots of people said it had these problems.
>
> The problem is that it has fundamentally changed how SMTP works (including
> SPF and DKIM as part of that "suite"), and it isn't even standards track!
>
> But, if we don't want to process it, then we need to do that in a way that
> does not cause people to be kicked off the mailing list.

The ISE mechanism exists to get things published that matter to the
Internet.
It was clear at the time DMARC was published that it would be used
whether it was published as an RFC or not. Publishing the document at
least gave us a stable reference to be angry at.

It would actually be harder to publish a document saying "DMARC is bad,
don't use it, use that other thing instead" if there was no stable
reference for what we mean by DMARC.

I'd describe the so-far inaction more as "shut your eyes and hope it
will go away when others figure out that the solution is bad" than as
"sitting on the fence". Didn't work any better, though.

>
>     >> When ARC gets standardized, we should implement it.
>
>     > Assuming it solves the problem, sure. But if it doesn't, the problem will
>     > get much worse.
>
> I have no idea if it will work, but at least, if we were respecting DMARC,
> then the large providers would have some incentive (if small) to make sure
> ARC will work, and will get implemented.
>
> --
> Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
>
>


-- 
Surveillance is pervasive. Go Dark.




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]