Quoting Steve Litt (sl...@troubleshooters.com): > Seriously, this DMARC thing, or at least the way it's implemented on > DNG, is downright dangerous.
Seriously, at the time this came up, I worked really hard, tirelessly, and thanklessly, and repeatedly, to explain that Dng was caught in a dilemma created by a mailing-list-hostile anti-forgery standard, a well-intentioned but (in my opinion) badly written piece of ancillary plumbing for SMTP and DNS. I carefully, painstakingly qualified what I said, and dealt with the inevitable people who wanted to argue merely because I expressed a viewpoint, who wanted in knee-jerk fashion to dismiss what I said as yet another subvariety of SMTP crankery, or who were the inevitable sort of edge-case fanatics who lurk on all technical mailing lists. I described how the architecture of DMARC left _all_ the mailing lists in the world in a no-win situation. I detailed how the GNU Mailman people had built into recent releases two separate choice of ways to try to mitigate the DMARC disaster. I detailed why I strongly recommended one of those mitigations strongly over the other. I very carefully disclosed the disadvantages, stressing that there would be some unavoidable problems resulting from the preferred mitigation's operation any time the mailing list poster is sending from a domain with a strongly asserted DMARC policy. I tirelessly repeated these explanations over a span of months, as the Dyne principal volunteers came to grips with the problem and parsed what I and others were saying. And, after a whole lot of my attempting to explain, and explain again, and explain again, and deal with arguments and knee-jerk naysaying, the Dyne principals accepted my recommendation as the least-bad course of action, and implemented the better of the two mitigations. Which brings us to the present. > Let me repeat: "Reply to sender" should never, ever go to the list. What part of 'some unavoidable problems resulting from the preferred mitigation's operation any time the mailing list poster is sending from a domain with a strongly asserted DMARC policy' was unclear? > Did you know that for some but not all DNG email, "reply to sender" > sends it to the list? Did you know that most senders don't suffer the malign effects of strong-asserted DMARC policies in their domains' DNS? I've only explained that on Dng a few dozen times. Probably it didn't sink in. You're making me sorrowful, my friend. I am feeling as if all of my efforts to make the no-win nature of the situation, and my mentioning in _particular_ the great irony of my appearing to recommend (a very limited form of) Reply-To munging, after a quarter-century of trying to calmly document for the Internet why it's a bad idea, was time wasted. Tell you what: How about you go onto the Mailman developers' mailing list and bitch about how their least-bad effort to limit the pernicious effects of a badly written anti-forgery standard thrust upon them by others fails to meet your needs? Would you mind doing that? Part of the reason I'm asking is that you, personally, you my friend Mr. Litt, recently accidentally posted private mail here portraying me as a particularly contentious person (in your view as a denizen of Florida, a land of noted passive-aggressives), and thus, if I now argue with you, I will help support your accidental character assassination. (I'll be nice and call it accidental, even though it accords with previous personal characterisations of me you've posted non-accidentally.) And, well, I'm not going to. For lots of reasons including their being no percentage in it. Have a great holiday season. (Chag Chanukah sameach.) And, next time, _you_ get to do the heavy lifting and deal with people who cannot be bothered to read and understand what you said. Meanwhile, I give up. > I beg whomever is in charge of the DNG mailing list to fix whatever's > wrong with the DMARC implementation. I beg you to pay attention, next time. If I bother to explain anything next time. -- Cheers, "Maybe the law ain’t perfect, but it’s the only Rick Moen one we got, and without it we got nuthin'." r...@linuxmafia.com -- U.S. Deputy Marshal Bass Reeves, circa 1875 McQ! (4x80) _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
