Rich Kulawiec via Nettime-tmp on Mon, 29 May 2023 16:28:24 +0200 (CEST)
Re: <nettime> process reporting?
A general comment first: running a mailing list today requires quite a bit more knowledge than it did 10 or 20 years ago. Anyone who doesn't have that knowledge is going to struggle, no matter how well-intentioned they are.

That knowledge includes (among hundreds of other things) understanding that FCrDNS on the mail host is a de facto requirement and that DMARC mitigation on a per-domain basis is the same. Note that it doesn't matter even a little bit whether you think these are good things: they have to be done.

[ My personal view is that requiring FCrDNS is an excellent idea and that DMARC has added a great deal of cost and complexity with no significant benefits...and has in some ways made things worse. I'll be happy to explain these points but the explanations are *not* brief. ]

That said: a reasonable path forward is (a) Mailman 2.1.39 (b) with DMARC mitigation properly supported (c) running on a host which passes FCrDNS (d) and does not have a generic hostname (e) is not located on a problematic network and (f) is run by a group of clueful people.

This can't and won't solve every problem (for example, per recent discussion on mailop, Apple has broken their own mail system at the moment and it's rejecting messages it shouldn't) but it will solve most of the problems that can be solved on the sending side. I know this because I'm running such an instance (and have been for many years) with a few dozen lists and ~20K users, and for the most part it works quite well.

A robust long-term solution will likely entail using a dedicated domain (est. $14/year) and a dedicated host (such as a Panix VPS, $160/year), with access to these shared by N people.

[ I specified Panix deliberately. Over my considerable time online I've worked with and/or observed a lot of organizations. They're one of the best I've ever seen. Yes, it's possible to go cheaper, but that means using garbage operations like Digital Ocean or worse, OVH, and for anyone trying to run a mailing list that would be self-defeating and quite stupid. ]

This can be (and has been) done by other groups, but it does require solid Unix system administration skills, especially with DNS, SMTP, HTTP, SSH, firewalls, logging, security, backups, disaster recovery, mail defenses, etc. That includes compliance with de jure and de facto standards; RFCs 1123, 2142, 5321, 2919, and 2369 come to mind offhand and of course there are more. The more of these things that are done correctly the higher the probability of success.

I have that skillset (because I've been running mailing lists for over 40 years and because I'm writing a book about mail system defense) so I'm willing to architect this and teach others how to properly run it.

So if you want to do this right, for as much of a sense of "right" as best current standards/practices dictate/allow and as far into the future as anyone can guess, then sure, let's do that. Alternatively, you can try to go cheap and to just ignore a lot of this stuff, but then you'll create problems you can't fix. Note John Levine's maxim: "The total budget at all receivers for solving senders' problems is $0".

---rsk

# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: https://mail.ljudmila.org/cgi-bin/mailman/listinfo/nettime-tmp
# archive: http://www.nettime.org contact: nettime@kein.org
# @nettime_bot tweets mail w/ sender unless #ANON is in Subject:
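
Points (c) and (d) in the message above can be checked mechanically before a list host goes live. The following is an added example, not part of the original message: it confirms that an address's PTR name resolves forward to the same address (FCrDNS) and flags names that look ISP-generated. The generic-name heuristic, the function names and the sample records (documentation addresses and example domains) are assumptions of this example.

```python
import ipaddress
import re
import socket

# Labels that suggest an ISP-assigned (generic) name. This word list is an
# assumption of the example, not a standard; receivers use their own rules.
GENERIC_LABEL = re.compile(
    r"(?:^|[.-])(?:dyn|dynamic|dhcp|pool|ppp|dsl|cable)(?:[.-]|\d|$)", re.I)

def system_ptr(ip):
    """Reverse lookup via the system resolver; empty list if no PTR exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except (socket.herror, socket.gaierror):
        return []

def system_forward(name):
    """Forward lookup via the system resolver; empty set if the name fails."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def looks_generic(hostname, ip):
    """True if the name embeds all IPv4 octets or carries a generic label."""
    digits = [int(d) for d in re.findall(r"\d+", hostname)]
    embeds_ip = (ipaddress.ip_address(ip).version == 4 and len(digits) >= 4
                 and {int(o) for o in ip.split(".")} <= set(digits))
    return embeds_ip or bool(GENERIC_LABEL.search(hostname))

def check_fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """FCrDNS passes when some PTR name resolves forward to the same address."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    confirmed = [n for n in names if addr in
                 {ipaddress.ip_address(a.split("%")[0]) for a in forward_lookup(n)}]
    return {"ptr": names, "confirmed": confirmed, "fcrdns": bool(confirmed),
            "generic": any(looks_generic(n, ip) for n in confirmed)}

# Constructed sample records so the check can be exercised offline.
SAMPLE_PTR = {"203.0.113.25": ["mail.example.org."],
              "198.51.100.7": ["198-51-100-7.dyn.example.net"],
              "192.0.2.9": ["mx.example.com"]}
SAMPLE_A = {"mail.example.org": {"203.0.113.25"},
            "198-51-100-7.dyn.example.net": {"198.51.100.7"},
            "mx.example.com": {"192.0.2.10"}}  # forward record points elsewhere

def check_sample(ip):
    """Run the check against the constructed records instead of live DNS."""
    return check_fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []),
                        lambda n: SAMPLE_A.get(n, set()))
```

Calling `check_fcrdns(ip)` with no lookup arguments uses the system resolver, so it can be pointed at the real outbound address of a candidate host.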