Dave Crocker writes: > A mailing list typically defines a 'community' for discussion. At > least some of the modifications it does are to assert that > community in some visible ways.
Sure, but From-munging is not an assertion of community, it's an assertion that there's a war out there, and the community is taking hits from friendly fire. > Mailing lists therefore have the right to make the changes they > make. That's an incomplete statement. They have the right to make the changes as long as they are compatible with community standards. For example, some lists provide advertising space in the footer. Others would have a revolution if you tried. From-munging is just not part of the community standard in most lists I participate in (and I've heard that some Yahoo! and AOL users object violently to the mitigations used to keep their posts from bouncing all over the world). Anne Bennett: > > I'm not against the idea that mailing list software might have to > > adapt to the new reality (of the need for protection against > > spoofing), even though there will be a lengthy transition period. Hardly. It's already done, at least in GNU Mailman: all of the transformations that invalidate DKIM signatures are optional. From-munging was *released* in October 2013 (in 2.1.16 IIRC). That's right, *before* the April DMARC Debacle. We have continued to refine the features (it's now possible in 2.1.18-1 to condition mitigations on a DNS lookup for "p=reject"). The software is not the problem. The list owners and list subscribers are. Back to Dave: > I think the historical challenge has less been a case of > philosophical legitimacy From-munging is hardly open-and-shut "philosophically legitimate." It has its advocates, but it sucks for many users because of the way their MUAs handle it, it arguably violates RFC 5322, and is ugly to boot. Nevertheless, GNU Mailman has a From-Munging option.[1] > and more of inability to gain active, constructive participation of > mailing list software maintainers. Hey, I resent that. You guys use GNU Mailman; you know where to find us if you want participation. Sure, we resist doing what is proposed. The fact is that choices we've been offered suck. Go away (the choice offered by experimental early versions of SPF)? You jest. From-Munging? Yuck -- and guess what, you're no fan, yourself. No subject tags, no footers? Excuse me, but prohibiting a valuable feature is exactly the opposite of a constructive change -- and you don't like this mitigation yourself. Note that these mitigations are now in GNU Mailman, as options. But most list owners don't want them. We've come up with our own (RFC-conforming) mitigations. They suck, too (MUAs are not prepared to deal with them gracefully, or in the case of iOS Apple Mail, at all). It's not the MLM developers you have a problem getting cooperation from. It's our users. Bottom line: making indirect mail flows compatible with DMARC-style spoof-protection is a hard problem. Footnotes: [1] Patch courtesy of Franck Martin. _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
