There's probably no point in coding a patch unless you feel the people responsible for the codebase are likely to apply it. That's a lot of effort down a rathole, especially since some number of the intended audience feel that it's inappropriate to ask them to change anything in their software.
It's probably more constructive to offer dev time, since a lot of these packages are volunteer projects. "Once you decide what you want to do, if you need developers, we'll provide one half-time on your project for as long as it takes." It might be even better to offer some QA/test help. A lot of volunteer-only projects tend to lag on the unit/regression test front. J On Fri, May 30, 2014 at 2:12 AM, Tim Draegen <[email protected]> wrote: > On May 29, 2014, at 3:05 AM, John R Levine <[email protected]> wrote: > > Really, that makes no difference. I don't want Yahoo or anyone else to > pay us to screw up our mail software to work around them -- I want them to > spend their money to fix things so we don't have to. > > Yes, I get it, I guess in my own jaded way I don't think there is any > amount of money that Yahoo and AOL can spend that will fix things (because > email isn't owned by Yahoo or AOL). BUT, if Yahoo or AOL is willing to > experiment, let that experiment be me! > > I replied to Doug earlier (not yet in archive), and hashed out my own > thinking around how much domain owners can do vs. how to address > "legitimate-but-unauthorizable" email. > > TLDR summary: addressing "legitimate-but-unauthorizable" mail is my answer > to Scott Kitterman's question: "How do we define the scope of work for this > list?". > > > > > > Yahoo, in their own blog, estimates there are 30,000 mail systems that > they have damaged by their DMARC actions. I would be surprised if there > were more than a few hundred mail systems acting on DMARC policies, > although some of those are very, very large. Is it that hard to understand > why someone might think it was unreasonable to demand that the 30,000 make > changes of no benefit to themselves, rather than the few hundred fix their > buggy fussp? > > I don't think there is/was a way for Yahoo to fix the estimated few > hundred mail systems acting on DMARC policies, especially since most are > not controlled by Yahoo. Maybe they could have published a list of 30,000 > mail systems that are white-listed, but wouldn't that just be a publication > of 30,000 holes to exploit? > > The absolute most work I could imagine Yahoo and AOL having done would > have been to analyze and publish a series of articles/guidance on how > impacted email can be fixed, complete with accessible patches to all known > mailing systems. THEN, give the entire internet enough time to apply said > patches. This is my unicorn. > > For the next 10 years, I'm going to attempt to recreate this unicorn. > > > > > The 30K estimate is probably low, since there are likely many small mail > systems they aren't aware of but that they are damaging. For example, > yesterday a middle school teacher who found my old Dummmies web site wrote > to me out of the blue to say that his web form that lets students and > parents send mail to him stopped working for AOL and Yahoo addresses, which > just disappear. It took about two seconds to figure out what was wrong > when he told me that his script sends mail to his Gmail account. I told > him what was wrong, and he did a hack that sticks in a fake From: address, > so the mail gets through but now his script works worse since he can't > write back without extra effort. If he hadn't written to me, he'd probably > never have figured out what was wrong. These are real people who are > really hurt by the two providers' actions. > > In a similar vein, there are a fair number of businesses that do stuff > like encapsulate their customer mail with bling (fancy headers, pictures, > footers w/ disclaimers... "stationary"), and they're having to figure out > how to maintain their service when sending on behalf of clients with Yahoo > and AOL addresses. > > What is missing is "how am I supposed to do this right"? I'm not being > glib, there's a real vacuum due to email being what it is, and it's a > vacuum that I personally don't think corporations can/should fill. > > -= Tim > > > > > Regards, > > John Levine, [email protected], Taughannock Networks, Trumansburg NY > > Please consider the environment before reading this e-mail. > > > > PS: Here endeth the rant. > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc > -- "We've learned some important lessons about Democracy. After 100 years, you have to let your slaves go. And after 150, you have to let your women vote." (Kurt Vonnegut)
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
