On May 29, 2014, at 3:05 AM, John R Levine <jo...@taugh.com> wrote: > Really, that makes no difference. I don't want Yahoo or anyone else to pay > us to screw up our mail software to work around them -- I want them to spend > their money to fix things so we don't have to.
Yes, I get it, I guess in my own jaded way I don't think there is any amount of money that Yahoo and AOL can spend that will fix things (because email isn't owned by Yahoo or AOL). BUT, if Yahoo or AOL is willing to experiment, let that experiment be me! I replied to Doug earlier (not yet in archive), and hashed out my own thinking around how much domain owners can do vs. how to address "legitimate-but-unauthorizable" email. TLDR summary: addressing "legitimate-but-unauthorizable" mail is my answer to Scott Kitterman's question: "How do we define the scope of work for this list?". > > Yahoo, in their own blog, estimates there are 30,000 mail systems that they > have damaged by their DMARC actions. I would be surprised if there were more > than a few hundred mail systems acting on DMARC policies, although some of > those are very, very large. Is it that hard to understand why someone might > think it was unreasonable to demand that the 30,000 make changes of no > benefit to themselves, rather than the few hundred fix their buggy fussp? I don't think there is/was a way for Yahoo to fix the estimated few hundred mail systems acting on DMARC policies, especially since most are not controlled by Yahoo. Maybe they could have published a list of 30,000 mail systems that are white-listed, but wouldn't that just be a publication of 30,000 holes to exploit? The absolute most work I could imagine Yahoo and AOL having done would have been to analyze and publish a series of articles/guidance on how impacted email can be fixed, complete with accessible patches to all known mailing systems. THEN, give the entire internet enough time to apply said patches. This is my unicorn. For the next 10 years, I'm going to attempt to recreate this unicorn. > > The 30K estimate is probably low, since there are likely many small mail > systems they aren't aware of but that they are damaging. For example, > yesterday a middle school teacher who found my old Dummmies web site wrote to > me out of the blue to say that his web form that lets students and parents > send mail to him stopped working for AOL and Yahoo addresses, which just > disappear. It took about two seconds to figure out what was wrong when he > told me that his script sends mail to his Gmail account. I told him what was > wrong, and he did a hack that sticks in a fake From: address, so the mail > gets through but now his script works worse since he can't write back without > extra effort. If he hadn't written to me, he'd probably never have figured > out what was wrong. These are real people who are really hurt by the two > providers' actions. In a similar vein, there are a fair number of businesses that do stuff like encapsulate their customer mail with bling (fancy headers, pictures, footers w/ disclaimers... "stationary"), and they're having to figure out how to maintain their service when sending on behalf of clients with Yahoo and AOL addresses. What is missing is "how am I supposed to do this right"? I'm not being glib, there's a real vacuum due to email being what it is, and it's a vacuum that I personally don't think corporations can/should fill. -= Tim > > Regards, > John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY > Please consider the environment before reading this e-mail. > > PS: Here endeth the rant. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc