On Thu, Jul 13, 2023 at 6:11 AM Douglas Foster < [email protected]> wrote:
> I did not say "life isn't fair" to be rude, but as a call to acknowledge > the reality that exists rather than the reality you wish you had. > So what I'm hearing, again, is "Lists should get with the times." I'm not ignorant to the fact that the threat model is different than it was in, say, the late 1990s. What I think I have a problem with is how we got to this place, and I'm not sold on the notion that the right, or only, path forward is to just tell them to suck it up. And I don't consider myself a "list advocate". I think I would be a staunch advocate of any use case that got so seriously disrupted by a change imposed unilaterally by one corner of a broad ecosystem. DMARC shipped before it was fully ready, and we're still dealing with the aftermath. As an engineering exercise, its rollout feels to me like either bad design or bad rollout, or both. I get the often attractive nature of "fix forward" as an operational engineering strategy, but it's particularly hard to swallow when the proposed forward paths are all unattractive, and the true source of the problem was questionable to begin with. We know that a large portion of email is unsolicited, unwanted, or > malicious. Consequently, there is no right or certainty of delivery. To > get delivery, you need to satisfy the requirements of the evaluator. > Reality is that lists find this difficulty and do notvwant to do this. > > The issue is not about lists being second class. What lists do to a > message is a privileged function, because modifying a message can be done > maliciously as easily as it can be done innocently. So the real problem > is that DMARC demoted them from privileged to non-privileged by exposing > the risk inherent in their message modifications. Non-privileged > parricipants do not have permission to modify messages that they did not > author. > I think this description is pretty solid, but it presumes that the current situation has always existed. Prior to DMARC, nobody I know thought message modifications made by lists was a privileged function. In fact, I would argue that even if it was, we were fine with lists having that privilege because it served (and still serves) a useful purpose. Parts of the ecosystem, mostly found in MUAs or header field documentation, evolved specifically to make working with lists easier. With DMARC, that privilege was abruptly removed, and then this faction appeared that argued fervently that lists need to snap to. > This IS a plan for compromise. But every part of this solution has been > dismissed in this group because lists are victims that deserve reparations. > I strongly doubt that that's an appropriate analogy. -MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
