:: [DNG] Again, again: DMARC is a no-…
Top Pagina
Delete this message
Reply to this message
Auteur: Rick Moen
Datum:  
Aan: dng
Oude Onderwerpen: [DNG] Can we fix this DMARC thing?
Onderwerp: [DNG] Again, again: DMARC is a no-win problem for mailing lists (was: Can we fix this DMARC thing?)
Quoting Steve Litt (slitt@???):

> Seriously, this DMARC thing, or at least the way it's implemented on
> DNG, is downright dangerous.


Seriously, at the time this came up, I worked really hard, tirelessly,
and thanklessly, and repeatedly, to explain that Dng was caught in a
dilemma created by a mailing-list-hostile anti-forgery standard, a
well-intentioned but (in my opinion) badly written piece of ancillary
plumbing for SMTP and DNS. I carefully, painstakingly qualified what I
said, and dealt with the inevitable people who wanted to argue merely
because I expressed a viewpoint, who wanted in knee-jerk fashion to
dismiss what I said as yet another subvariety of SMTP crankery, or who
were the inevitable sort of edge-case fanatics who lurk on all technical
mailing lists.

I described how the architecture of DMARC left _all_ the mailing lists in
the world in a no-win situation. I detailed how the GNU Mailman people
had built into recent releases two separate choice of ways to try to
mitigate the DMARC disaster. I detailed why I strongly recommended one
of those mitigations strongly over the other. I very carefully
disclosed the disadvantages, stressing that there would be some
unavoidable problems resulting from the preferred mitigation's operation
any time the mailing list poster is sending from a domain with a
strongly asserted DMARC policy.

I tirelessly repeated these explanations over a span of months, as the
Dyne principal volunteers came to grips with the problem and parsed what
I and others were saying.

And, after a whole lot of my attempting to explain, and explain again,
and explain again, and deal with arguments and knee-jerk naysaying, the
Dyne principals accepted my recommendation as the least-bad course of
action, and implemented the better of the two mitigations.

Which brings us to the present.


> Let me repeat: "Reply to sender" should never, ever go to the list.


What part of 'some unavoidable problems resulting from the preferred
mitigation's operation any time the mailing list poster is sending from
a domain with a strongly asserted DMARC policy' was unclear?

> Did you know that for some but not all DNG email, "reply to sender"
> sends it to the list?


Did you know that most senders don't suffer the malign effects of
strong-asserted DMARC policies in their domains' DNS? I've only
explained that on Dng a few dozen times. Probably it didn't sink in.


You're making me sorrowful, my friend. I am feeling as if all of my
efforts to make the no-win nature of the situation, and my mentioning
in _particular_ the great irony of my appearing to recommend (a very
limited form of) Reply-To munging, after a quarter-century of trying to
calmly document for the Internet why it's a bad idea, was time wasted.

Tell you what: How about you go onto the Mailman developers' mailing
list and bitch about how their least-bad effort to limit the pernicious
effects of a badly written anti-forgery standard thrust upon them by
others fails to meet your needs? Would you mind doing that?

Part of the reason I'm asking is that you, personally, you my friend Mr.
Litt, recently accidentally posted private mail here portraying me as
a particularly contentious person (in your view as a denizen of Florida,
a land of noted passive-aggressives), and thus, if I now argue with
you, I will help support your accidental character assassination.
(I'll be nice and call it accidental, even though it accords with
previous personal characterisations of me you've posted
non-accidentally.)

And, well, I'm not going to. For lots of reasons including their
being no percentage in it. Have a great holiday season. (Chag Chanukah
sameach.)


And, next time, _you_ get to do the heavy lifting and deal with people
who cannot be bothered to read and understand what you said.

Meanwhile, I give up.


> I beg whomever is in charge of the DNG mailing list to fix whatever's
> wrong with the DMARC implementation.


I beg you to pay attention, next time. If I bother to explain anything
next time.

-- 
Cheers,                          "Maybe the law ain’t perfect, but it’s the only
Rick Moen                        one we got, and without it we got nuthin'."
rick@???              -- U.S. Deputy Marshal Bass Reeves, circa 1875
McQ! (4x80)