Some random thoughts.... -Yahoo policy change did not break all mailing lists, for instance most lists at apache.org are fine. Creating hyperbole drama does not offer tools to solve problems. -I remember a time, when adding a tag in the subject line was frown upon at IETF... even sending email with a mime/HTML part would get you many angry emails. At that time, if DKIM had existed, everything would have been fine, but lists changed... -Some list management software are not taking advantage of extended SMTP error codes, something that any ESP do, the SOFT vs HARD bounce concept. -RFC like anything human, can be changed, overwritten, etc... There is nothing which is sacred. I'm not saying that change should be easy, I'm just saying that change is not impossible. Laws have been turned, overturned and returned... This is part of progress.... and change creates pain. -IETF recent focus is on pervasive monitoring, increasing security, prevent identity theft,... DMARC is a tool that helps, it is aligned with IETF recent goals. It is deployed, widely used, proven beneficial, has still some problems, lets' fix them. -DMARC is not a silver bullet, but denying any new technology, because bad behavior cannot be eradicated, but simply mitigated is really strange to me. -Convenience or Security, make a choice... -I heard of numbers that mailing lists traffic is 10% of overall legitimate traffic. Some DMARC adopters have seen it was less than 1%. Your mileage may vary. -The problem has been highlighted for a year at least. Saying you should not publish a policy p=reject for a domain with users is not useful, this is not a legal nor even a regulatory constraint and there is no such thing as the RFC police. It was bound to happen, it came earlier than expected... -At the time of ADSP, I don't think anyone spotted the unsubscribe collateral damage problem, people just said mailing lists cannot work with ADSP and there is nothing you can do. If the problem was limited to "you cannot receive my email when I post to the list", it would have been my problem. I experimented on DMARC.org lists and discovered the collateral damage. I shared my experience. -As DMARC is widely adopted (unless ADSP was), some of us decided to build tools to remediate this upcoming problem in advance. There is code in mailman 2.1.16 to make a list DMARC compliant via 2 options: one that please the people that the From: should be the original poster, one that displeases them. There is a patch to forbid people with a DMARC policy to subscribe/post to the list (not sure it is in the main code, this is not my hitch, but I respect people wanting to add it and I welcome them to work on it). I would have hoped we had a bit more time, because for instance this list is running on 2.1.15 and give or take 6 months, would have been upgraded naturally to 2.1.16 or even 2.1.17. It would have been easy for list admins to flip the switch. -A few lists have already been fixed very quickly, like the one run by Al, http://www.spamresource.com/2014/04/run-email-discussion-list-heres-how-to.html but there are other examples: http://groupserver.org/groups/development/messages/topic/5lLZaa1bSOyEmssFMFPeMX http://blog.threadable.com/how-threadable-solved-the-dmarc-problem , the "church list" has been fixed too, very quickly... -This could have been fixed a year ago, it is not like this was not a problem predicted... but until it is too late no one is motivated to fix issues in advance... -ISOC recently ran a survey on why operators are not present at IETF as they used to be... May be we prefer facts than judgements. We do also like bio-diversity: There is not one solution, but many, the standard is the solution most adopt eventually. IETF is making progress with anti-harassment and anti-bullying practices.
So this is the IETF, we are engineers, we solve problems. Get working!
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
