[BBLISA] ISPs with p=reject DMARC policies?

Steven M Jones smj at crash.com
Thu Oct 6 19:37:28 EDT 2016


On 10/06/16 06:26, Edward Ned Harvey (bblisa4) wrote:
>
> "break user expectations and/or degrade the user experience" is synonymous with "rawr, I want a random email server on the internet to be able to relay mail from me, I don't like it when things in the world change, rawr."

Amusing, however I often see the complaints written as:

"We've been working this way for 20/30/40 years, and your new thing
broke it. You never should have proposed a new protocol that would
invalidate an existing model or practice."

"Passing SPF with the list address in the 5321.MailFrom is sufficient
for anybody. And you can tell it isn't spam because it came from a list!"

"This was a security problem at the ISPs, and they turned into a problem
for the rest of us."

"We never had a problem with spam or phishing affecting us, and never
asked for this."

"The Big Senders/Receivers imposed this on us, and are forcing us to
change behavior to suit their needs. This is fundamentally an unfair
burden on us, they have nigh-limitless resources and I have none. They
should create a public registry of all mailing list servers so we can
whitelist them."

"All my message filing and sorting happens on the From: address, and
your workaround breaks that."

"The From: header was intended by God and Jon Postel to indicate the
actual, original message author. Any change you make to that field is
sacrilegious as well as fraudulent and must be stopped."

"DMARC should only use the Sender: or Resent-From: headers that most
MUAs hide from the recipient."

"The big ISPs just want to kill all mailing lists and force us to use
their ``groups'' services!"


Alright, I got a little carried away there but you get the idea. I'm
very highly sympathetic to the complaints that DMARC forces a change in
user/list behavior. My roots go back to academia and the IETF over
ISO/OSI, etc. I miss the days when the majority of NetNews was
user-generated content.

But as you alluded, the root cause here is actually the highly effective
activities of phishers, spammers, fraudsters, and attackers who leverage
that unattributable model of email as a vector to successfully
compromise consumers, companies, and governments; after which they can
harvest real money, account info & personal data, and more. It's not
because anybody wants to punish or proscribe these traditional uses.
It's because the features they use are also being actively used to
attack people, companies, and government agencies.


> Take this list, for example. bblisa at bblisa.org. Notice that the From address says "from bblisa-bounces on behalf of Dan Ritter." You can ask our list moderators how the list is configured - Are we using "Munge From?" or some other setting?

Actually, FWIW, I see your address (@nedharvey.com) in the address field
of the 5322.From header.

--S.



