[170984] in North American Network Operators' Group
Re: DMARC -> CERT?
daemon@ATHENA.MIT.EDU (Jim Popovitch)
Mon Apr 14 17:10:32 2014
In-Reply-To: <CAL9jLaZE-fR-skrDfz9ZHVb3yo_s34VTR+=zsauGm5uSf+S-mA@mail.gmail.com>
Date: Mon, 14 Apr 2014 17:06:33 -0400
From: Jim Popovitch <jimpop@gmail.com>
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Apr 14, 2014 at 4:52 PM, Christopher Morrow
<morrowc.lists@gmail.com> wrote:
>
> if you're going to do something that has the potential to affect (say,
> for example) email to a wide set of people, most of which are NOT your
> direct users, how do you go about making that public?
>
> 'the internet' isn't really a good answer for 'how do you notify'.
> Doug's note that: "email mailops" is good... but I'm not sure how many
> people that run lists listen to mailops? (I don't ... i don't run any
> big list, but...)
>
> I also wonder about update cycles for software in this realm? and for
> very larger list operators there's probably some customization and
> such to hurdle over on the upgrade path, eh? so how much leadtime is
> enough? how much is too much? 1yr seems like a long time - people will
> forget, 1wk doesn't seem like enough to avoid firedrills and
> un-intended bugs.
First, you don't start by telling mailinglist admins to NOT worry
about dmarc as they are a special case that will be
handled/whitelisted/etc. The dmarc discussion archives (of which
Yahoo is a primary sponsor, and a Yahoo employee is one of the spec
authors) are full of discussions that clearly show no cause or care
about mailinglists. I was told, several times, that mailinglists
would be ok, they would be whitelisted and that there was no need for
all my concern (well over 6 months ago).
-Jim P.
