Hi, I'll just make a few quick points here, as my message from yesterday was long enough :-)
Le 06/10/2021 à 00:30, Douglas Foster a écrit : > > We clearly disagree about whether mailing list SHOULD be a closed > group. Indeed we do, but ultimately it doesn't matter that much. The relevant question is not what mailing lists *should be*, but what they *are*. It just so happens that some people (me included) would rather *not* be protected from «any risk associated with interacting with strangers» by some entity out of their control. Which can also mean taking one's own precautions, as you describe. Still, if I wanted Facebook, I know where to find them (OK, maybe not yesterday :-) > We also disagree about authorship. I argue that a message received > directly from you is very different from a message received via the > list. We indeed disagree. I can understand your point *in theory*. But in practice, mailing lists do not *substantially* modify the contents of the messages. This practice is not ensured through any *technical* means, but through *social* means: reputation, threat of legal action in the worst case… Communication is not just technology. FWIW, I would never post to a mailing list that altered the substance of the messages, *even if* it would also alter the "From" field. > You propose special handling of messages from lists, but you gloss over > the difficulties of identifying a list message. List headers appear > in lots of mass mailings, and any header that cannot be authenticated > cannot be trusted. To clarify my view: I don't believe messages from mailing list should get a free PASS, except maybe as a temporary measure while a solution is devised. What I believe is that DMARC implementers should take their own responsibilities. If a receiving domain decides to enforce p=reject on mailing-list messages, they should *silently discard* the messages and face any related user complaints, not dump the problem onto the mailing lists operators by bouncing. > Currently, lists have an outsized impact on network security. > […] As a result, spammers know that universities are widely respected > that universities are widely respected and easily spoofed, so those > and easily spoofed, so those domains become weapons. You seem to view mailing lists as the only roadblock towards *universal* DMARC adoption and subsequent end of all spoofing. I'm afraid this is way unrealistic… Anyway, asking mailing lists to sacrifice themselves in the name of the greater good (or your view thereof) does not seem like a constructive strategy, nor an efficient one. Any constructive solution should take mailing lists as they are and work with those requirements. Otherwise, the situation will stay as stuck as it has been for several years already. Cheers, Baptiste _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
