DMARC and ietf.org

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 20 July 2014 13:26 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AA3C1B2B6A; Sun, 20 Jul 2014 06:26:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.292
X-Spam-Level:
X-Spam-Status: No, score=-1.292 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_16=0.6, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_TVD_MIME_NO_HEADERS=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6VQbTLbXh5D3; Sun, 20 Jul 2014 06:26:46 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 255191B2C2E; Sun, 20 Jul 2014 06:26:46 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 84CCD2002B; Sun, 20 Jul 2014 09:28:16 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 3A32863B0F; Sun, 20 Jul 2014 09:26:45 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 2502A63AED; Sun, 20 Jul 2014 09:26:45 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: ietf@ietf.org, iaoc@ietf.org
Subject: DMARC and ietf.org
In-Reply-To: <6.2.5.6.2.20140719235353.0c50d260@resistor.net>
References: <CAL0qLwYZPO9L9e7MHA6zP5vcTbQEJmwCSonLdMeQiOw4CUoiFw@mail.gmail.com> <20140718174827.652621ADAF@ld9781.wdf.sap.corp> <6.2.5.6.2.20140719235353.0c50d260@resistor.net>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Sun, 20 Jul 2014 09:26:45 -0400
Message-ID: <25621.1405862805@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/Ip1Vmqahj2HULKFbMuqj_7zMADs
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Jul 2014 13:26:47 -0000

Regardless of how/if/why/when we process DMARC as a specification, we need to
decide how the ietf.org MTA is going to deal with things.

1) someone has to fund changes to mailman, and perform testing, installation,
   and community education for the IETF mailing lists.  That implies that
   we have to decide *for ourselves* where and how we will "break" the
   DMARC/DKIM connection,  and if we will reject email from p=reject senders
   before we attempt to relay.

2) there are a number of things which are not mailman lists, but aliases,
   which get *no* reprocessing of any headers at all.  This includes, I
   think, "iesg", "iab", "iaoc", *AND* why I suddenly care again: "nomcom14-coord"

   yes, at least one member of nomcom has an ISP that processes DMARC,
   and I think two members of nomcom send email from p=reject addresses.

   The experience is that some senders get rejected by some recipients, but
   other senders do not.  It felt, at first, like some bizarre kind of
   censorship.  The confusion is confounded because I think some DMARC
   processors (gmail.com?) may have already whitelisted ietf.org MTAs,
   while others have not.

   (3 - I'm still looking for confirmation that we are suffering on
   nomcom14-coord from DMARC)

So, again, I'm not interested in what we might specify as an SDO.
I'm interested in what we are going to *do* as an entity.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
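
The difference the message draws between mailman lists and plain aliases can be worked through in code. The following Python is an added example, not part of the original message and not ietf.org tooling. It predicts, before relaying, whether a forwarded message is likely to fail DMARC at the final recipient. The domains, the records in `SAMPLE_DNS` and all function names are constructed for illustration, and organizational-domain fallback and the `sp=` and `pct=` tags are deliberately left out.

```python
# Constructed DMARC TXT records standing in for DNS lookups (not real data).
SAMPLE_DNS = {
    "_dmarc.strict.example": "v=DMARC1; p=reject; rua=mailto:agg@strict.example",
    "_dmarc.relaxed.example": "v=DMARC1; p=none",
}

def parse_dmarc(txt):
    """Return the tag/value pairs of a DMARC TXT record, or None if it is not one."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    # Usable only with v=DMARC1 and a p= tag (tag order is not enforced here).
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags

def published_policy(from_domain, dns=SAMPLE_DNS):
    """Policy published for the From: header domain; 'none' when no record exists."""
    record = parse_dmarc(dns.get("_dmarc." + from_domain.lower(), ""))
    return record["p"].lower() if record else "none"

def downstream_result(aligned_dkim, forwarder_modifies_message):
    """Predict the DMARC result at the final recipient after forwarding.

    SPF is evaluated against the forwarder's IP, so it cannot give an aligned
    pass for the author's domain; only an intact, aligned DKIM signature can.
    """
    dkim_survives = aligned_dkim and not forwarder_modifies_message
    return "pass" if dkim_survives else "fail"

def relay_decision(from_domain, aligned_dkim, forwarder_modifies_message,
                   dns=SAMPLE_DNS):
    """'relay' when forwarding looks safe, otherwise 'at-risk:<policy>'."""
    policy = published_policy(from_domain, dns)
    if policy == "none":
        return "relay"
    if downstream_result(aligned_dkim, forwarder_modifies_message) == "pass":
        return "relay"
    return "at-risk:" + policy
```

An alias that forwards unchanged corresponds to `forwarder_modifies_message=False`; a list that rewrites the subject or appends a footer corresponds to `True`.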