Silberman, Sam writes:

 > Previous posts have suggested this is a small problem.

I'm not quite sure what "this" refers to, but I think that is unfair.
Several of us have repeatedly insisted on the importance of aspects of
the issue other than the ones that get the most discussion, despite
our personal concern with those aspects of the problem (e.g., I'm an MLM
developer) and personal lack of experience with other 3rd-party email
services and backed-up-against-the-wall-by-mail-abuse large providers.

Beyond acknowledging the need, advocacy needs to be informed by
expertise in the particulars of these issues.  If you have that
expertise, I for one am all ears, and I suppose so is everyone else.
It's been sadly deficient so far.

 > We need to be focusing on # of users impacted, not percentage of
 > mail bounced.

I'm not sure I agree.  You mention a use case where:

 >      They have no $$, so they use a free mail service (
 > p...@dmarc-protected-mailservice.com)

which is a specifically deprecated use-case in the DMARC document (and
at least some such services are well-aware that what they are doing is
a Bad Idea[tm]).  Should we spend effort specifically on remediating
foot-shooting behavior by mailbox-provider services?

 > Telling user like this one to change mail providers solves nothing
 > in the long term.

Of course it does make a difference, though.  If enough users switch,
that email/portal service will awaken to the need for solutions like
DKIM-Delegate, DKIM-Conditional, and TPA-Labels, or alternative
solutions to their specific spam problems.  Otherwise I imagine they
will be most comfortable continuing to throw their problems over the
fence into our backyards, as they have been doing.  Changing that
benefit-cost proposition is essential to getting implementation of
solutions effected.

So far these services have contributed nothing helpful to the
discussion of design of protocol improvements that I've seen; they
clearly don't see a profitable (for them) way forward from the status
quo.  And the most active contributor from the DMARC-using operator
group is an advocate of positions that I would summarize as "typical
MLMs and 3rd-party services are broken and need to fix themselves to
adapt to a DMARC 'p=reject' world".

 > Ultimately, solving DMARC indirect flows for this user will get us
 > very close to solving indirect flows over the rest of the world.

But *we* can't *solve* indirect flows.  All *we* can do is provide a
protocol that mitigates the problem in theory.

To have an effect, that protocol must be adopted by the same folks who
created the problem and are busily telling 3rd parties to fix their
service models, and thanking the 3rd parties for behavior clearly not
conformant to the most basic of RFCs.  I don't see why we can expect
them to stop doing these things -- DMARC p=reject has been quite effective
in stopping some very dangerous spam/phishing, and blame the victim
has convinced many of their users that the problem is in the 3rd-party
service models, and those users turn around and complain to lists and
other indirect mail services.

Viz. the recent post to this list, requesting that list tags in
Subject and footers containing detailed contact information no longer
be added to list posts.  That the poster would take that position
doesn't surprise me: he's advocated that same measure on Mailman lists
as well.  But that other members of this WG would give even qualified
support shows a clear lack of confidence that a solution attractive to
the 'p=reject' freemail providers will be found *and* implemented.

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
