Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-04 Thread Steven M Jones
A lot of points have been raised (again) in this thread - and I was only looking at what went to the DMARC WG list, forgetting that of course somebody would continue/branch the conversation by only using the ietf@ietf list... John Klensin highlighted a fundamental issue when he mentioned "the priv

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-04 Thread John C Klensin
Ted, I started that note before you posted your list of four options and decided to send it anyway. I think your list is correct and, since it apparently wasn't obvious from my comments, prefer your first option. The reason for the long note is that I don't accept this as "just life". I believ

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-04 Thread Michael Richardson
Andrew G. Malis wrote: > Three thumbs up on the last sentiment above - could you imagine saying > to someone that you need to switch phone providers in order to reach > certain recipients? And while my current use of gmail allows me to more yes, we lived through a decade of: "Th

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-04 Thread Michael Richardson
Ted Lemon wrote: > FWIW, I use Google For Work (or whatever it's called this week) and it > doesn't automatically add DMARC headers--that's something that you have > to configure, apparently. So while I think that gmail.com is probably > a lost cause, if your org is using GfW, yo

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-04 Thread Ted Lemon
Forgive me if this isn’t as respectful as it could be, but your rather long dissertation on the problem didn’t actually say what would go wrong if we did something about it. Is there something missing from the summary I wrote and sent to the mailing list yesterday? This is an operational issu

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-04 Thread John C Klensin
--On Thursday, November 03, 2016 14:24 -0400 "Andrew G. Malis" wrote: >... >> And regarding Terry's previous paragraph, while I'm by no means an >> expert on DMARC (or mailman for that matter), a bit of >> googling tells me that there are more recent versions of >> mailman than what the IETF is

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-04 Thread Hector Santos
On 11/2/2016 6:19 PM, Brian E Carpenter wrote: I think Michael Richardson made a very valid point. If our mailing list software detects a sender whose domain has p=reject, we *know* that the forwarded message will fail DMARC validation. So there's a strong case for rejecting the message immediat

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Franck Martin
> From: "Brandon Long" > To: "Brian E Carpenter" > Cc: "Michael Richardson" , dmarc@ietf.org, "IETF" > , "Cullen Jennings" > Sent: Thursday, November 3, 2016 3:39:22 PM > Subject: Re: [dmarc-ietf] IETF Mailing

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Theodore Ts'o
On Thu, Nov 03, 2016 at 05:30:20PM +, Terry Zink wrote: > > The average Internet user doesn't understand DMARC. The average > person on an Internet mailing list doesn't understand DMARC either, > and even the average tech person on a mailing list doesn't > understand DMARC. All they know is th

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Alessandro Vesely
On Thu 03/Nov/2016 16:53:42 +0100 Hector Santos wrote: The ietf.org list manager destroys my submission integrity by changing the subject line, adds a footer, etc, as most list systems have done for many years, thus destroying the first two DKIM signatures. That's the culprit, of course. Note

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Andrew G. Malis
Hi Steve! The site goes on to say: "If you don't take any action here, you're leaving a subset of your potential subscribers out in the cold. Making them second class citizens, unable to participate in the mailing lists you're hosting. Be kind, and don't beat up Yahoo users because of a domain po

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Steve Atkins
> On Nov 3, 2016, at 10:56 AM, Andrew G. Malis wrote: > > > On Thu, Nov 3, 2016 at 1:30 PM, Terry Zink > wrote: > The average Internet user doesn't understand DMARC. The average person on an > Internet mailing list doesn't understand DMARC either, and even the average > tech person on a mai

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Andrew G. Malis
On Thu, Nov 3, 2016 at 1:30 PM, Terry Zink wrote: > The average Internet user doesn't understand DMARC. The average person on > an Internet mailing list doesn't understand DMARC either, and even the > average tech person on a mailing list doesn't understand DMARC. All they > know is that their ma

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Terry Zink
>> Perhaps people can go to Outlook.com? What happens if they go to DMARC >> p=reject? Everyone can go and sign up for yet another domain? >> >> That just kicks the can down the road, but eventually that can will >> take no more kicks. > And then developers can move to fastmail.fm; there are qui

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Terry Zink
>> I've seen comments that people who were on Yahoo can fortunately go to >> Gmail. What happens when Gmail publishes a p=reject like they said they >> were going to? > They have said multiple times that they won't do so until ARC is up and > working. If they're lying, well, we're all schrod.

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Hector Santos
On 11/3/2016 7:30 AM, Benny Pedersen wrote: Hector Santos wrote on 2016-11-02 21:05: ADSP/ATPS actually works very well. It's been in production for a number of years. I have "ietf.org" as a 3rd party signer assigned to my ATPS records in DNS. Supportive receivers can then see that I authorize

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Dave Crocker
On 11/3/2016 8:20 AM, Benny Pedersen wrote: limit opendkim to only verify last signer could be an option, if last signer signs all mails, at least dkim pass from every mail here, but i don't like that route this would have no effect on dmarc analysis, other than perhaps increasing the rate of fa

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Benny Pedersen
John Levine wrote on 2016-11-03 04:12: Indeed. We look forward to hotmail/outlook implementing ARC so your users can resume using mailing lists the way they have for 30 years or more. waiting for ARC to solve something that is only a problem on maillists that break DKIM, what's next? i se

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Theodore Ts'o
On Thu, Nov 03, 2016 at 12:36:47AM +, Terry Zink wrote: > > There is a third option --- which is that if you want to participate on > > certain > > mailing lists, you have to use a non-DMARC e-mail address. There are people > > with google.com addresses that need to use non-Google addresses

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Benny Pedersen
Hector Santos wrote on 2016-11-02 21:05: ADSP/ATPS actually works very well. It's been in production for a number of years. I have "ietf.org" as a 3rd party signer assigned to my ATPS records in DNS. Supportive receivers can then see that I authorize ietf.org to sign my IETF submissions as my r

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Benny Pedersen
Benny Pedersen wrote on 2016-11-03 10:21: Cullen Jennings wrote on 2016-11-02 23:00: there is no problem as long as no one breaks dkim Authentication-Results: linode.junc.eu; dmarc=none header.from=junc.eu Authentication-Results: linode.junc.eu; dkim=pass (1024-bit key; secure) header.d=ietf

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-03 Thread Benny Pedersen
Cullen Jennings wrote on 2016-11-02 23:00: So how do we get this fixed? Has someone talked to the IESG about this? Right now as a chair, I am making consensus calls that are probably ignoring any emails from people from google.com - and other - because I am not getting their email. That seems

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread John Levine
>Belittling people who are arguing that a long-standing problem needs >to be fixed is not appropriate. We all agree that the problem needs to be fixed, but many of us believe we have a duty to try to understand a problem before demanding "solutions" which would cause at least as many problems as t

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread John Levine
>I've seen comments that people who were on Yahoo can fortunately go to Gmail. >What happens when Gmail publishes a >p=reject like they said they were going to (even if the timeline is delayed), >per >https://wordtothewise.com/2015/10/dmarc-news-gmail-preject-and-arc/? They have said multiple ti

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread Terry Zink
>> There is a proposed standard, ARC, that would allow mail receivers to >> do more intelligent whitelisting. It's not ready yet. > There is a third option --- which is that if you want to participate on > certain > mailing lists, you have to use a non-DMARC e-mail address. There are people >

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread Theodore Ts'o
On Wed, Nov 02, 2016 at 02:58:31PM -0700, Brandon Long wrote: > If this is a problem for you as a receiver, you can choose to attempt to > whitelist the ietf mailing list mail from DMARC enforcement. You may not > be able to do so, just like the sender may not be able to change their > organizatio

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread Ted Lemon
Yes, it is too much. I could care less how DMARC works, in the sense that it clearly _doesn't_ work. Knowing how it works is not my problem, and is not the secretariat's problem. Making IETF mailing lists work is the secretariat's problem (not mine anymore). Belittling people who are arguing

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread John Levine
In article you write: >FWIW, I use Google For Work (or whatever it's called this week) and it >doesn't automatically add DMARC headers-- Is it too much to ask that anyone who wants to tell us how to deal with DMARC should at least read RFC 7489 so he knows how DMARC works? R's, John Helpful ti

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread Brian E Carpenter
On 03/11/2016 10:58, Brandon Long wrote: > With the understanding that my email is unlikely to be received by some of > those having issues... > > Let us assume that those who specify p=REJECT have a good reason for doing > so, and that after 2-3 years, they are unlikely to change back. > > Let u

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread Cullen Jennings
Agree with your assumptions (and the later point that receiving person can't control what their admins do any more than sender can control what their admins do) But there are two failure modes for something like this 1) sender knows their email was not received 2) email was not received b

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread Cullen Jennings
> On Nov 2, 2016, at 1:00 PM, Michael Richardson wrote: > > > Cullen Jennings wrote: >> So if someone sends an email with a bad signature to an IETF list from a >> domain that has a reject policy, and the IETF server forwards it to my >> email provider, my email provider rejects it. Now th

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread Dave Crocker
On 11/2/2016 1:05 PM, Hector Santos wrote: Since its inception, this has been the "Achilles' heel" of DKIM without a Signature The issue, here, is with features added by DMARC. As such, the problem has nothing to do with DKIM. DKIM does not present any problems, with respect to retaining t

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread Hector Santos
Since its inception, this has been the "Achilles' heel" of DKIM without a Signature Policy Authorization framework. i.e. authorizing 3rd party mail processors, such as a list manager/server or could bring the integrity and/or resign the mail as a 3rd party. The IETF abandoned the proposed sta

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread Yoav Nir
> On 2 Nov 2016, at 21:12, Ted Lemon wrote: > > FWIW, I use Google For Work (or whatever it's called this week) and it > doesn't automatically add DMARC headers--that's something that you > have to configure, apparently. So while I think that gmail.com is > probably a lost cause, if your org i

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread Ted Lemon
FWIW, I use Google For Work (or whatever it's called this week) and it doesn't automatically add DMARC headers--that's something that you have to configure, apparently. So while I think that gmail.com is probably a lost cause, if your org is using GfW, you don't have to use DMARC. On Wed, Nov 2,

Re: [dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread Michael Richardson
Cullen Jennings wrote: > So if someone sends an email with a bad signature to an IETF list from a > domain that has a reject policy, and the IETF server forwards it to my > email provider, my email provider rejects it. Now the IETF email > server counts that as a bounce. Too m

[dmarc-ietf] IETF Mailing Lists and DMARC

2016-11-02 Thread Cullen Jennings
So if someone sends an email with a bad signature to an IETF list from a domain that has a reject policy, and the IETF server forwards it to my email provider, my email provider rejects it. Now the IETF email server counts that as a bounce. Too many bounces in a row and the IETF server unsu