This discussion is based on a mixture of theory and pragmatism. The pragmatism side is that AOL has created a problem, is unlikely to change, and we have to deal with life as it is rather than the way I would like it to be.

The theoretical side is more difficult. I would like to be more sympathetic, but the theory doesn't support it. I hear the mailing list complaint as, "Any intermediary should be able to modify any traffic without restriction. These modifications are always beneficial, and therefore the modified message should be more acceptable than the original." In short, the whole idea of DKIM is rejected.

As an evaluator, what I can accept is that "Some intermediaries could be allowed to make some changes to messages, if I have a list of intermediaries that should be allowed, sufficient reason to trust what they propose to do, and a reliable way to identify them." I do exceptions all the time.

But lists don't want to make special arrangements with evaluators, and don't want to make special arrangements with senders. Apparently, lists don't even want to do rigorous verification to ensure that a post comes from the purported subscriber. But they do want unrestricted access to evaluators that filter based on simplistic triggers like "p=reject".

I think evaluators SHOULD NOT block on simplistic rules like p=reject, because a correct p=reject block requires follow-on work to block everything else from that malicious source, and should not be done incorrectly. They should review, either with pre-quarantine or post-audit, which is what I do. I have no problem with disposition=quarantine, even for p=none. I am obligated to protect my users, while also obligated to provide my users the messages they need, not the ones that are technically optimal.

I don't understand why Big Tech and its A.I. tools cannot be deployed to do the best thing.

Doug Foster

On Sun, Apr 9, 2023 at 2:52 PM Murray S. Kucherawy <superu...@gmail.com> wrote:

> On Sat, Apr 8, 2023 at 2:13 AM Douglas Foster <dougfoster.emailstanda...@gmail.com> wrote:
>
>> It becomes a simple choice: Lists can adapt to operate the way AOL and
>> others want them to work, or they can keep to the old ways and live with
>> the consequences. When the old ways cause damage, I don't think the
>> damage is any longer a DMARC problem. We should formally document how to
>> implement a DMARC-compatible mailing list, and then stop worrying about
>> those who don't want to be DMARC-compatible.
>>
>
> In what way do "the old ways cause damage"? What damage? They didn't
> change anything. Abruptly, unilaterally, declaring the entire global
> deployed mailing list base to be obsolete is a strikingly audacious move.
>
> Still, if something like what you're proposing could gain acceptance and
> commitment from the mailing list community, you just might have a consensus
> solution on your hands. I suggest approaching them to ask. They may not
> be able to accept it as-is, but could have a counter-proposal that we find
> palatable.
>
> -MSK, participating
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>