[ih] Early History of the Internet

Dave Crocker dhc at dcrocker.net
Thu Jan 11 12:10:58 PST 2024 

On 1/10/2024 6:49 PM, Jack Haverty via Internet-history wrote:
> Hi Barbara,
>
> Lots of email configurations changed with the new year, part of 
> efforts to fight spam. 

Large email service providers have been on a long march towards 
increasingly restrictive rules, for the mail they will accept. The 
onslaught of email abuse obviously creates a clear and present danger.  
The challenge in formulating acceptance changes is the potential for 
collateral damage to legitimate users.

An obvious example is legitimate mail that gets into the spam folder.

Less obvious is the common convention, for mailing lists, of changing 
the From: field from whatever the author provided, to a different email 
address and, usually, different 'display' string are used. This is done 
to avoid having a final receiving site discard the message, if the From: 
field domain name fails a strict DMARC test.

A collateral damage is that a recipient's MUA will think that different 
messages from the same author are actually from different authors, since 
they use different From: email addresses, even though the author sent 
using the same address.

DMARC was designed for use in a very constrained, 'direct' scenario from 
a bulk sender.  Yahoo was the first to repurpose it for general consumer 
email from their platform, in order to deal with a service-destroying 
problem they were having that was/is due to their business and 
operations model.  This has been characterized as externalizing an 
internal problem.

The collateral damage does not create enough complaints from these 
receiving platforms' users to motivate the DMARCian platforms to do 
things differently.  It largely affects others. Hence classing the 
action as having an externalized effect.

The broader use of DMARC is seen as having a beneficial effect on the 
handling of email abuse, and so the damage is considered a tolerable effect.

The nature of the DMARC use effectively makes the From: field serve the 
role Sender: was originally intended to cover.  That is, it indicates a 
handling agent, not necessarily the actual author.

A couple of years ago, I pushed through a specification for an Author: 
header field, to provide a place for a retained specification of the 
actual author.  The premise is that it would not need changing as the 
message goes through mailing list massaging.  To my knowledge, no one 
has implemented it.

And this goes to the deeper and more serious problem:  movement towards 
making email handling more strict -- as it needs to be in response to 
ongoing, massive abuse -- has not been accompanied by adjustments at the 
user level to compensate, to maintain a UX that is otherwise preferred 
by users.  Developers and operators simply have no current incentive to 
make such changes.


> For reasons I can't imagine, the DMARC mechanism allows mail services 
> to specify a percentage of suspicious emails that should be just 
> discarded. 

I, too, was amused as this was added, during specification discussions.  
But operators are used to being able to introduce things incrementally, 
to limit damage if there is a problem.  And DMARC development was 
dominated by such folk.

Fwiw, I believe this 'feature' has been dropped from the DMARCbis 
specification.  If it ever gets published.


> Bottom line: Email through mailing lists is not reliable and will be 
> getting worse.

If you have ever lived in a small, homogeneous town and then moved to a 
very large, unruly city, you will have made the same complaint about the 
differences.

I moved from Los Angeles to Newark, Delaware.  In LA, a very long time 
ago, I moved from West LA to West Hollywood. I went into the nearby West 
Hollywood grocery store that was part of the chain I frequented in West 
LA.  I wanted to cash a check and I showed them the check-cashing ID 
card I'd gotten from the West LA. store.  The West Hollywood folk would 
not cash my check.  (I had to drive 10 miles back to the other store to 
get the check cashed.)

In Newark -- base population, 25K, with another 25K of students -- I 
went into a small coffee store -- a remarkable novelty in those days -- 
and needed to pay with a check.  I warned the owner that it was from an 
out of state bank and I had an out of state drivers license, since I had 
not transferred things, yet.  The owner looked at me and asked if it 
would bounce.  I said no, and he took it.

The Internet and email, then vs. now, have similar differences. The real 
problem is a failure to adapt things to these underlying changes.


> You should get this email because I sent it directly to your yahoo 
> address.   You may or may not get the copy coming through 
> internet-history at elists.isoc.org

I don't see the basis for this expectation of failure, for this case. 
The ISOC mailer makes the unpleasant-but-common adjustment to the From: 
field.


> Sorry, I don't know of any solution other than moving to some other 
> email provider....that's what I did a few weeks ago.

Alas, DMARC adoption has become fairly widespread among email platform 
providers.

So, for example, fastmail seems to use it with my bbiw.net domain -- I 
didn't specify this -- but hostinger does not, for my dcrocker.net domain.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker at mastodon.social

More information about the Internet-history mailing list