On Sat, Apr 8, 2023, at 4:12 AM, Douglas Foster wrote:
> It is pretty clear how an AOL-compatible mailing list can be configured:
>
> • All messages come from the list domain
> • Plus addressing is used to give each subscriber a unique From address..
> • To be standards-compliant the plus address still needs to fit within the
> 64-character limit, so the suffix is a code, not the full email address.
> "John.Doe@subscriberdomain" is translated to "ListName+17@listdomain"
> • The Friendly Name is used to identify the subscriber, his email address,
> and optionally the list itself. "John Doe John.Doe@subscriberdomain via
> Listname"
> • Reply-To is set to the list address
> This approach:
> • Eliminates impersonation of other domains
> • Eliminates subscriber specific message blocking based on
> • Subscriber domain has DMARC enforcement
> • Subscriber domain matches recipient domain
> • Subscriber domain is included in a geo-blocking rule
> • Allows the list to be protected from impersonation using DMARC
> • Allows list authentication to survive downstream forwarding.
> I suspect that this configuration is within the capabilities of existing
> products, but maybe some software changes would be needed.
>
> It becomes a simple choice: Lists can adapt to operate the way AOL and
> others want them to work, or they can keep to the old ways and live with the
> consequences. When the old ways cause damage, I don't think the damage is
> any longer a DMARC problem. We should formally document how to implement a
> DMARC-compatible mailing list, and then stop worrying about those who don't
> want to be DMARC-compatible.
>
> Doug Foster
I can say from experience, being responsible to retire and replace an aging EDU
mailing list platform hosting thousands of lists, the choice was simple. The
DMARC-incompatible options were immediately ruled out.
An academic who happens to reside on a DMARC enabled domain should not have
their thoughts quarantined or rejected. That would conflict with the mission of
any university.
It's been a few years, but I just checked one of the old EDU email admin
chatter, and it appears that even more of of them are moving towards DMARC
policies, or at least talking about it more than I remember. This trend appears
to be encouraged by the dominant MBP and a new bundled service from a major
DMARC deployment company.
Jesse
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
