> 8. Challenge/response sender whitelisting software which > requires interaction by any party to validate a post to the > NANOG mailing list as non-spam shall be treated by the list > administration team like any other condition that generates a > bounce message. Subscribers with software (such as but not > limited to TMDA) that is (mis)configured in this fashion are > subject to removal from the list without notice, and are > welcome to resubscribe at such time as their software is fixed.
I object to this proposal on the grounds that it is unclear and it is not fair in the form quoted above. Thought experiment: I write an email message addressed to [EMAIL PROTECTED] and send it. It is processed by the mailing list software and some-nanog-server.merit.edu sends it to [EMAIL PROTECTED] Joe has a challenge-response system installed and it recognizes that this email comes from a mailing list to which he subscribes and simply delivers it to Joe. Joe finds this interesting and writes a reply to the list. Then Weeble Fuzzlebratz takes exception to Joe's posting and writes a reply which he sends to me, Joe Bloe and [EMAIL PROTECTED] When Joe's challenge-response system sees the mail from Weeble, it sends him a challenge-response message. Weeble fumes and fusses and forwards this outrage to the MLC demanding that Joe Bloe be dropped from the list. Personally, I don't see why Weeble is outraged at such a thing. But the larger issue is whether or not Joe's software is correctly configured. It allows messages from the NANOG mailing list servers to pass unchallenged. But when a list member, not previously known to Joe, sends a direct message to Joe Bloe, the challenge-response kicks in. This seems to me to be right and proper and the normal way a C-R system should work. Joe has done nothing wrong. But Weeble has sinned against the robustness principle "Be conservative in what you send, be liberal in what you accept from others". A variant of this principle is found in the Fidonet motto "don't offend, and don't be too easily offended" which arguably is more relevant to a mailing list. Has Joe offended? Or is Weeble too easily offended? If there is to be such a statement in the AUP then I think that it needs to be unambiguously clear that it only applies to messages fowarded by the mailing list servers and not to private messages sent directly by list members. The fact that many list members are unable to manage their To: and Cc: headers is not sufficient reason for changing the AUP. Also, one wonders whether this might be better handled by education than by punishments. Do we make it clear how to configure a C-R system on the NANOG mailing list subscription pages? --Michael Dillon
