[Mailman-Users] DMARC and Bellsouth, etc.

Stephen J. Turnbull turnbull at sk.tsukuba.ac.jp
Thu Apr 17 08:24:28 CEST 2014

Lindsay Haisley writes:
 > On Wed, 2014-04-16 at 15:34 -0500, Mike Starr wrote:

 > > I know there aren't any teeth behind RFCs but it might at least get
 > > their attention.

The real problem is that RFCs are based on working practice,
preferably acknowledged best practice.  DMARC is an experiment which
is seriously flawed on the policy side, but has the potential to
provide a lot of useful information for spam-fighting (I mean real
spam-fighting, not the posturing that Yahoo! is involved in at the
moment), not to mention lightening the burden on ISPs and list
operators who implement DKIM and SPF.  Until Yahoo!'s experiment has
played out (which will take months), an anti-DMARC RFC is moot.  After
that, it will take years to get it through the IETF.

Note that DMARC itself is an Internet-Draft (ie, proto-RFC).  If you
want to fight this, the related mailing list is the right place.
However, looking at some of the threads there are rather high-powered
folks already on the list (eg, the guy who edited most of the SMTP
RFCs, and the guy who edited most of the RFC 822 series).  You had
better go in having booked up, or you will get ignored to death at
best.  Put it this way: *I* may go look over their archives, but it
will be quite a while before I'm willing to speak to anything except
technical details of how it affects mailing lists.

 > Doubtful, but the sentiment is noble.  My guess is that the people
 > at Yahoo who implemented this, and possibly also the designers of
 > DMARC, don't fully understand the RFC process and have a limited
 > attention span and very narrow focus of attention as far as such
 > things are concerned.

Nope.  If E. Zwicky (DMARC editor) is who I think she is, I owe her a
kitten.  No dummy.  Murray Kucherawy doesn't seem to have two heads or
a half-brain, either.

 > Their understanding (and knowledge) of accepted best practices
 > regarding email and mailing lists is woefully limited.

I rather doubt that.  The DMARC I-D has gone through several editions
(I-Ds have a life-span limited to 6 months, the current renewal
happened just about the time of Yahoo!'s policy change), suggesting
that the NetGods and the commercial providers have been thinking
pretty carefully all along.  I think that where understanding and
knowledge is lacking is on *this side* of the fence.  Few, if any, of
us have to make decisions about how to spend many millions of dollars
on additional bandwidth, 90% of which (according to some accounts) is
spam.  That's a pile of money on the line for these guys.

 > My guess also is that as a result, all of this kerfuffle has
 > probably caught a number of these people by surprise.

Indeed.  I suspect that they didn't do their homework and simply count
how many subscribers receive mail with List-* headers in them.

I think they probably also were surprised by how fast Yahoo is
hemmorhaging email users.

Steve-rushes-not-where-angels-fear-to-tread-ly y'rs,

More information about the Mailman-Users mailing list