On Mon, Jun 20, 2022 at 8:16 AM Bill Cole wrote:
> That claim does apply to the simplest sort of mailing list, implemented
> simply as an alias that 'explodes' into multiple recipients.
>
> That form of mailing list was already dying out 20 years ago when SPF
> was being specified. I expect that it is only used today for lists that
> are limited to one domain or administrative realm, where SPF would not
> be in use.

I don't think this is true. I think the big change happened about 10 years
ago when Yahoo (I think) turned on SPF "for real" (-all). At least that's
what shows up in our repo's history. I looked at mailop's history, and it
was a simple reflector in 2018, less than 5 years ago.

The point here is that I think this list serves as a bit of an echo
chamber with regard to what mail software is out there. This list is a
perfect example of slow-to-be-maintained mail software. If it were so easy,
why didn't this list rewrite From addresses 20 years ago? If the answer is
that it is run by (expert) volunteers, that proves the point.

On Sat, Jun 18, 2022 at 8:03 AM Jaroslaw Rafa wrote:
> A million small mail operators serving 1000 accounts each will always
> perform better than one big operator serving one billion accounts.

I don't think this would be true. The problem with small operators with
1000 mail accounts is lack of scale. Any solution, e.g. to the mail
forwarding problem, is very expensive for those 1000 accounts (or single
email list), even if it involves using COTS. This is especially true if you
don't know about this list, and most of these small operators (aka.
non-expert volunteers) do not. The proliferation of standards from DMARC
and ad hoc FBL standards has made the problem for small providers even
worse.

IMHO, the problem is a lack of a public trust model. ARC, SPF, and DKIM do
not solve the trust problem. There should be some FOSS that implements the
model (just like certbot implements ACME).

We still need virus/spam detection algorithms. With a public trust model,
it would be easy (and cheap) to communicate about these problems. (FBLs do
not solve this problem either.) The big providers would bear the bulk of
the cost, but it would be cheaper (guess) than the current solutions.

Why is the trust problem not solved by DMARC?

Please don't explain the standards process, or how I could volunteer.
Rather tell us (if you know) which of the big providers is stopping this
from happening? It could very well be this is a MAD-scenario. How could
this be bypassed/resolved?

Thanks,
Rob
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
