On 6/10/2014 4:21 PM, Stephen J. Turnbull wrote:
Hector Santos writes:
> Will you implement it? You need to implement it as part of the LSP
> integration.
What LSP integration? DMARC is an agreement between Author Domains
and destination hosts. Mediators are not party to it.
Once you got involved with DKIM, you became a party of it.
It's arguable that the host MTA should be checking DMARC
authentication and alignment, but that's different from saying
the list should.
Someone has to do it. That's an implementation issue. The MTA, the
LSP, whoever, whatever, the entry point is where it needs to be done.
I thought this was understood.
I didn't need you to tell me that. I was hoping for useful data.
You really don't need a list of MUAs, do you? Don't think so.
Is this practical business expert "opinion" acceptable?
No. You assert that you are an expert, you assert various things are
true or necessary, but you clearly lack understanding of the context
of mailing lists that makes MLM developers provide the mitigations we
do. So your advice is not trustworthy, not for list operators.
You are being rude again, this is completely off-base. I'm an
engineer. In principle, I prefer to follow protocols rather than break
them, and if there is a bug in the protocol, then I will help in
addressing it. I believe that is where we are at.
I have no idea what you're trying to get at. What is an "unauthorized
DMARC site"?
You indicated your preference not to reject at the system level.
Perhaps user level?
Will you provide it to them or is it too "Draconian" for them to
have available?
Do you even understand the technology?
Rude again.
Lists are Mediators, they are not party to DMARC, and they don't need
to be to provide that option.
This is why we have a problem. You think the LSP does not need to do
any lookups. This is major hurdle #1 the expected pending IETF DMARC
WG needs to consider in its charter.
Anyway, an expert like you should know that it's really inefficient to
have the list bounce "unauthorized DMARC sites" when we can have the
MTA do it. In fact, that's the point you've been trying to make to me
over and over again (you would even like to reject before DATA,
right?) So why are you talking to me when you should be lobbying the
Postfix, Exim and Sendmail guys?
The problem is not with the SMTP system. It's the LSP.
Besides which, as expert as you claim to be,
you are being rude again... but go on...
you should be aware that
it may take several years before systems upgrade to the most recent
versions of software. DMARC is here *now*, yahoo.com has a "p=reject"
policy *now*, and we (the MLM developers) need to get mitigations into
the pipeline *now* for immediate (or asap, anyway) use by our users.
We cannot wait for your vaporware, as graceful as it may be when it at
long last arrives in usable form.
It's a tough situation.
That is why I am trying to figure what is taking so long for the
IETF to get going with a DMARC WG. But I was made aware, things are
in the works. So we wait...
We really do need another emergency "MARID" working group started. You
can do whatever you think as necessary as a temporary solution, I
don't recommend it, I won't add it to our wcListServer product, but I
can understand why you are passionate about it. But it is not the
solution by any measure. I can only hope that it remains to be a
temporary isolated (to GNU Mailman) kludge. My thinking is this will
be the case.
Once we get the IETF endorsement to proceed with known methods that
have been proposed and already implemented with "running code" then
the others will follow. I believe the Yahoos will support it but we
still have to remember there will be domains that DO NOT want you to
intentionally bypass the security. So you will need to decide what to
do with them. In principle, the LSP is part of the network and needs
to support it whether that is done with a MTA-receiver component or
otherwise.
Not at all. DMARC is an agreement (100% private and unsanctioned by
the Internet, at this point in time) between Author Domains and
destination hosts.
The LSP is a destination host for the user submitting list mail. The
LSP is part of the total picture.
Note that the most efficient way to handle this task is going to vary
by MTA, so although we may wish to publish FAQs to help our users
(assuming any actually do wish to adopt the inflexible policy you
advocate), it's clearly not the MLM dev's job to implement anything.
The MTA-Receiver is where it should be at. But what if the MTA
receiver does not support DMARC?
"Installation note for GNU Mailman. Requires DMARC compliant
SMTP receivers."
That's fine. Our MLS works the same way.
Stephen, I do believe that it is "Bad Policy" to be promoting a
concept of ignoring new growing policy protocols.
That's FUD. Nobody is promoting "ignorance", and I don't appreciate
you implying that I do.
You stated in a very militant manner that your LSP's software will
ignore DMARC. I don't recommend it but I understand the dilemma.
Other systems will just not worry about the domains that do have
strong policies and let those accounts just automatically get
unsubscribed. This is what happened in our support list.
It isn't going to help in the long run. DMARC is here. It isn't
going to go away.
You're the only one who talks about DMARC going away as if anybody
were seriously hoping it would.
Being rude again....
Nobody believes that is going to
happen, nobody believes that Yahoo! is going to change its policy,
either. I wish you would stop misinterpreting other people's
positions, and I especially wish you would stop *posting* your
misinformation.
And again....
Ok, I know where you stand. I hope you understand where I stand.
--
HLS