Hector Santos writes:

> Will you implement it? You need to implement it as part of the LSP
> integration.

What LSP integration? DMARC is an agreement between Author Domains and destination hosts. Mediators are not party to it. It's arguable that the host MTA should be checking DMARC authentication and alignment, but that's different from saying the list should.

> understand you are a LSP. DMARC affects you differently, but we can't
> throw out the proverbial baby.

I don't care what *you* do with your proverbial baby. The point is that *LSPs* are mostly not in a position to say "Fork off" to Yahoo! subscribers. And subject tags, headers, footers, and removal of bloated attachments are services that are very popular with users, although these features break DKIM signatures.

Since we're going to continue to provide those signature-breaking features, and lists are not going to ban Yahoo! subscribers, the policies you propose are simply not going to be used by a significant fraction of lists. Instead they're going to corrupt "From:" or wrap messages "From:" "p=reject" domains. And just as there's not a damn thing you can do to get Yahoo! to revert their policy to quarantine or none, there's not a damn thing you can do to stop lists from sidestepping DMARC.

> The demand is high to deploy system level rejections for older and
> newer policy reasons.

Not among Mailman list owners, it isn't.

> >> Do you realize how many different MUAs exist? and the different forms
> >> of MUAs?
> >
> > I haven't counted. How many are there?
>
> Lots, too long to list.

I didn't need you to tell me that. I was hoping for useful data.

> Is this practical business expert "opinion" acceptable?

No. You assert that you are an expert, you assert various things are true or necessary, but you clearly lack understanding of the context of mailing lists that makes MLM developers provide the mitigations we do. So your advice is not trustworthy, not for list operators.

> I'm cool with that, so what are the defaults? Maybe you can add user
> options like:
>
>    [X] I want to reject mail from unauthorized DMARC sites.

I have no idea what you're trying to get at. What is an "unauthorized DMARC site"? Do we need to get permission to use DMARC?

> Will you provide it to them or is it too "Draconian" for them to
> have available?

Do you even understand the technology? Lists are Mediators, they are not party to DMARC, and they don't need to be to provide that option. They just let the mail go through, and take care not to let the bounces bounce subscribers into disablement or unsubscription.

Anyway, an expert like you should know that it's really inefficient to have the list bounce "unauthorized DMARC sites" when we can have the MTA do it. In fact, that's the point you've been trying to make to me over and over again (you would even like to reject before DATA, right?) So why are you talking to me when you should be lobbying the Postfix, Exim and Sendmail guys?

> Well, it's pointless to say "many"

Why, thank you for caring so much about our problems.

> because what the "many" is really suffering from is the lack of
> options with the DMARC protocol. It is missing LSP provisions and
> once that happens then you will have your tools to adjust
> gracefully.

You mean *if* DMARC gets LSP provisions. DKIM is what, 7 years old or so? Obviously 3rd party provisions are hard to implement. That may be for political reasons, as you have implied several times. But I don't care -- if politics means we won't get 3rd party authentication for another 7 years, lists will have to use alternative mitigations until then. And if it's actually a hard technology problem, it may take longer than that. Besides which, as expert as you claim to be, you should be aware that it may take several years before systems upgrade to the most recent versions of software.

DMARC is here *now*, yahoo.com has a "p=reject" policy *now*, and we (the MLM developers) need to get mitigations into the pipeline *now* for immediate (or asap, anyway) use by our users. We cannot wait for your vaporware, as graceful as it may be when it at long last arrives in usable form.

> But you have to agree the LSP needs to do the lookup or its
> frontend receiver has to do the lookup and be aware of the ML part,
> i.e. acceptable list addresses.

Not at all. DMARC is an agreement (100% private and unsanctioned by the Internet, at this point in time) between Author Domains and destination hosts. Lists and the systems that host them are not parties. The list's host may very well check alignment on the way in, and guess what? it will be satisfied for legitimate list traffic. That doesn't help getting it delivered though.

Note that the most efficient way to handle this task is going to vary by MTA, so although we may wish to publish FAQs to help our users (assuming any actually do wish to adopt the inflexible policy you advocate), it's clearly not the MLM dev's job to implement anything.

> Stephen, I do believe that it is "Bad Policy" to be promoting a
> concept of ignoring new growing policy protocols.

That's FUD. Nobody is promoting "ignorance", and I don't appreciate you implying that I do.

> It isn't going to help in the long run. DMARC is here. It isn't
> going to go away.

You're the only one who talks about DMARC going away as if anybody were seriously hoping it would. Nobody believes that is going to happen, nobody believes that Yahoo! is going to change its policy, either. I wish you would stop misinterpreting other people's positions, and I especially wish you would stop *posting* your misinformation.

> Sure, it's my opinion and I like to think I am more right than
> wrong. :)

That's beyond obvious. :(

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
