Re: DMARC -> CERT?

[Jim Popovitch <jimpop () gmail com>]

On Mon, Apr 14, 2014 at 4:52 PM, Christopher Morrow
<morrowc.lists () gmail com> wrote:
> if you're going to do something that has the potential to affect (say,
> for example) email to a wide set of people, most of which are NOT your
> direct users, how do you go about making that public?
>
> 'the internet' isn't really a good answer for 'how do you notify'.
> Doug's note that: "email mailops" is good... but I'm not sure how many
> people that run lists listen to mailops? (I don't ... i don't run any
> big list, but...)
>
> I also wonder about update cycles for software in this realm? and for
> very larger list operators there's probably some customization and
> such to hurdle over on the upgrade path, eh? so how much leadtime is
> enough? how much is too much? 1yr seems like a long time - people will
> forget, 1wk doesn't seem like enough to avoid firedrills and
> un-intended bugs.

First, you don't start by telling mailinglist admins to NOT worry
about dmarc as they are a special case that will be
handled/whitelisted/etc.   The dmarc discussion archives (of which
Yahoo is a primary sponsor, and a Yahoo employee is one of the spec
authors) are full of discussions that clearly show no cause or care
about mailinglists.  I was told, several times, that mailinglists
would be ok, they would be whitelisted and that there was no need for
all my concern (well over 6 months ago).

-Jim P.