On Thursday, May 07, 2015 02:53:06 PM Stephen J. Turnbull wrote:
> Scott Kitterman writes:
> > TPA requires cooperation from originators and receivers, so there's
> > no "new" issue. Any make a list approach that needs both
> > originators and receivers to participate needs to work for both
> > large/small originators/receivers and I don't think this does.
>
> "Sez you", but I don't see a rationale for "not work" that actually
> addresses the intended use case.
>
> In fact, what's required for making a list is Mediators (mailing
> lists) that use the List-Post field. A very large proportion of those
> that allow open (or subscriber) posting do provide that already, and
> at least for Mailman lists it's trivial to turn them on. So only the
> Author Domain (and perhaps its users) need participate to make the
> list.
>
> To use the list, the Author Domain needs to produce "delegation
> signatures", and recipients need to process those signatures.
> Implementation is hardly high cost. Large domains can generally
> afford the cost of revising their custom MTAs. Many small domains
> will be using Exim, Sendmail, or Postfix, and the latter two implement
> the milter protocol so a software upgrade isn't necessary, and Exim
> can be configured to call out to another program, too, so it might
> need a separate implementation, but it would be do-able without
> upgrading the MTA. A gradual rollout therefore is quite feasible.

I agree with all that, but I think it's irrelevant.

I publish p=none because I don't want to have problems participating in mailing lists. I've published SPF -all since 2004 and have no trouble with some small cost associated with email authentication, but DMARC is different.

I took a quick look at the last week's worth of data for my domain and mail sent through ietf.org. Each mail I send to an IETF list turns into about 25 messages reported in DMARC feedback data. They are all DMARC fail due either to lack of alignment or failed DKIM signatures. Roughly 80% of those reports are from Google, Yahoo!, and Microsoft.

I don't see any evidence that any large operators such as this are willing to sign up for an approach like this, but let's imagine everyone else does because it's "easy". Then instead of 100% of my IETF list mail failing DMARC, 80% fails. Is 20% success sufficient for me to switch to p=reject? I guarantee you it is not.

At the end of the day, without the large providers on board, any solution that requires change at both the sender and the receiver needs the large providers on board or it's useless.

Scott K

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
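
The per-reporter tally of DMARC aggregate feedback described in the message above, as an added example that is not part of the original post. The report contents, organisation names and counts are constructed; the element names follow the aggregate report schema in RFC 7489, Appendix C.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample reports (not real feedback data). Each row tuple is
# (message count, aligned DKIM result, aligned SPF result).
def _report(org, rows):
    recs = "".join(
        f"<record><row><source_ip>192.0.2.1</source_ip><count>{n}</count>"
        f"<policy_evaluated><disposition>none</disposition>"
        f"<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row>"
        f"<identifiers><header_from>example.org</header_from></identifiers></record>"
        for n, dkim, spf in rows)
    return (f"<feedback><report_metadata><org_name>{org}</org_name></report_metadata>"
            f"<policy_published><domain>example.org</domain><p>none</p></policy_published>"
            f"{recs}</feedback>")

SAMPLE_REPORTS = [
    _report("large-a.example", [(9, "fail", "fail"), (3, "fail", "fail")]),
    _report("large-b.example", [(8, "fail", "fail")]),
    _report("small-c.example", [(5, "fail", "fail"), (1, "pass", "fail")]),
]

def tally(reports):
    """Return {org_name: Counter(pass=..., fail=...)}, weighted by <count>."""
    out = {}
    for xml_text in reports:
        root = ET.fromstring(xml_text)
        org = root.findtext("report_metadata/org_name", default="unknown")
        counts = out.setdefault(org, Counter())
        for row in root.iterfind("record/row"):
            n = int(row.findtext("count", default="0"))
            pe = row.find("policy_evaluated")
            # DMARC passes when either aligned mechanism (DKIM or SPF) passes.
            ok = pe is not None and "pass" in (pe.findtext("dkim"), pe.findtext("spf"))
            counts["pass" if ok else "fail"] += n
    return out

def failure_share(tallies):
    """Fraction of all failing messages that each reporting organisation saw."""
    total = sum(c["fail"] for c in tallies.values())
    return {org: c["fail"] / total for org, c in tallies.items() if total}

if __name__ == "__main__":
    for org, share in sorted(failure_share(tally(SAMPLE_REPORTS)).items()):
        print(f"{org:20s} {share:.0%} of failing messages")
```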
