Yahoo DMARC breakage

Miles Fidelman mfidelman at meetinghouse.net
Thu Apr 10 01:04:42 UTC 2014


Dave Crocker wrote:
> On 4/9/2014 7:25 PM, Miles Fidelman wrote:
>> Dave Crocker wrote:
>>> Everything they are doing is "legal".
>>>
>>> Your (possibly entirely valid) assessment that their action is
>>> ill-advised or unpleasant does not equal broken.
>>
>> Well, sort of - given that DMARC is still an Internet draft, not even an
>> experimental standard.  Maybe it's doing what the draft says it is - but
>> it's an alpha-level protocol, that breaks a lot of things it touches. If
>> not "broken" it's certainly "not ready for prime time" - and large scale
>> deployment is akin to a DDoS attack - i.e., not "ill-advised" but
>> verging on criminal.
>
>
> While IETF "full" standards status does indicate real deployment and 
> serious technical maturity, IETF Proposed Standard does not mean 
> mature or immature, given the varied history of work leading to Proposed.
>
> SSL was quite mature, before the IETF did enhancements to produce TLS.
>
> The IETF's version of DKIM was essentially v4 for the technology.
>
> DMARC is estimated to currently cover roughly 60% of the world's email 
> traffic.  As "not ready for prime time" goes, that's quite a lot of 
> prime time.
>
> Yahoo! is choosing to apply the technology for usage scenarios that 
> have long been known to be problematic.  Again, they've made an 
> informed choice.  Whether it's justified and whether it was the right 
> choice is more of a political or management discussion than a 
> technical one.
>
> In technical terms, DMARC is reasonably simple and reasonably well 
> understood and extensively deployed.
>
> For most discussions, that qualifies as 'mature'...
>

Speaking as someone who runs a few dozen mailing lists, and based on 
discussions on mailops and admin lists for various listserver packages, 
I humbly suggest that, as John Levine put it:
"Yahoo breaks every mailing list in the world including the IETF's"
suggests something something other than "reasonably simple and 
reasonably well understood and extensively deployed" and "mature."

Especially after reading some of the discussions on the DMARC mailing 
list where it's clear that issues of breaking mailing lists were 
explicitly ignored and dismissed.

Miles Fidelman



-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra





More information about the NANOG mailing list