J. Gomez writes: > Is the message Subject in the public domain? Is the message Body in > the public domain? Why are many mailing lists taking liberties with > them?
Our interpretation is that no liberties are being taken: we have tacit permission from the authors. I've *never* seen an author object to those changes. The only people who interpret them as not consonant with the authors' wishes are spamfighters like you who aren't even subscribed to the lists whose policy they advocate changing. On the other hand, authors (and recipients) do object to lists falsely claiming authorship of posts, for several reasons. The cases are quite different in the minds of the users. Ask yours; you find the same, I'm sure. > Sorry, but I think your analogy of email vs property does not > compute. "Taking ownership" is your term, not mine. I simply pointed out that it has pretty wretched connotations of theft, forgery, and fraud. > That field contains the Author, and if the Author signed with DKIM > and the mediated message breaks that signature, it can then be > argued that Authorship has suffered and therefore that the From: > Header should reflect that fact. Anything can be argued. But I've never seen a *subscriber* ask for this change, except when directed to do so by the "customer placation" department at their provider. I conclude that "cure worse than the disease" spamfighters are the only advocates of this interpretation. > What changes have happened to the role of Mediator, to improve > validation/authentication of the email system as a whole? None that > I see, yet. You won't, because there are none possible. Currently, validation/ authentication is a protocol agreed between the originator and the recipient, and as currently formulated, it is the originator's option to deprecate *all* mediation unilaterally by signing the whole message -- and that's the common practice. Further, originators can use the DMARC protocol to *forbid* mediation by signing the whole message and publishing p=reject, again unilaterally. Several attempts to devise ways for Mediators to participate in these protocols are in the internet-draft stage, but all have strong detractors. And of course one option (of abstaining from mediation) is as old as mailing lists -- the earliest MLMs were simple exploders -- and is still availabie at the list owner's option. > Well, I don't "attack" anyone, I express my opinion about what I > think would be the easiest and lest painful --considering the email > system as a whole-- solution to the problem. It's already available, and already used when the actual participants in a mediated channel so prefer. Your expression of opinion therefore is useless -- *you* can already do what you claim is best on your own lists, and at least the MLM product I help develop provides the option, but experience shows that many subscribers and owners strongly dislike it and very few favor it. > I think we should get past the Yahoos and the AOLs. They pioneered > the misue of DMARC, but that misuse is here to stay and will > certainly grow, That's possible, but really, only yahoo.com and aol.com matter. No Yahoo! or AOL affiliate that I've checked other than those two publishes p=reject or even p=quarantine, and in fact I've never seen p=reject on a domain that posts to a mailing list other than those two. It's true that a great majority of mail is sent from domains that participate in the DMARC protocol, and many of them publish p=reject. But IME only yahoo.com and aol.com cause problems for mailing lists. he others either don't post to lists or don't publish p=reject. > problem space is now bigger than just Yahoo and AOL. Name some other domains whose actual interaction with Mediators is problematic. > I also feel I am advocating my users's best interests. I am not mad > at you, don't be mad at me. :-) Why is it in *your* users' interests to tell *me* how to run my lists? That's what I perceive as an attack, since I see no good reason. GNU Mailman, for example, provides several DMARC mitigations. The traditionally available "just forward" configuration is still available, but disliked strongly because users really like have unsubscribe and archive links in the footer. The "steal authorship" option is available since Oct 2013 (6 months before the April Fiasco). Encapsulation of the decorated message in a message/rfc822 MIME part was provided later in 2013 IIRC. The problem is that all are detested by some users, and none are actually liked by any user. Therefore we developers continue to seek alternatives -- but all desirable alternatives require cooperation of "p=reject" posting domains because of the nature of current validation/ authentication protocols as Originator-Receiver agreements. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc