danefail / list

The DANE fail list
MIT License

Should the dotserv.com domains continue to be listed? #46

Open vdukhovni opened 6 years ago

vdukhovni commented 6 years ago

Listing domains here is a two-edged sword:

Apparently, while the operators of dotserv.com (a.k.a. enavn.dk) are aware of their issue, they don't consider it a priority to resolve. Given this situation, should the listing of their domains remain in place? Perhaps more good would come of removing the listings and letting some deliveries to their domains fail, so that the issue might get some attention?

desh-se commented 6 years ago

I don't know. The initial motivation for this list was that some email providers were hesitant to enable DANE, given the manual work required for (and slight disruptions during the process of) building up a DANE bypass list. I consolidated a few lists from different service providers, which I bootstrapped this project with. I was assuming that the receiving domains would be incentivised to resolve the issues given rising DANE adoption, and the fact that they were on a "shame list".

Any thoughts @wildegnux? I guess we are all going to MAAWG in a month?

vdukhovni commented 6 years ago

@desh-se I guess we are all going to MAAWG in a month?

Indeed, I'll be at M3AAWG (I live in Manhattan), we should meet...

dupuy commented 5 years ago

Newer entries have a "reported" date in a comment on a different line, but if the dane-fail list had a convention for a last-working (or reported-broken?) date (maybe in a comment on the line with the domain name), mail senders could deliver a "followup" email notification to the destination mailbox informing them that email from the sending service to their mailbox will no longer be delivered after (some deadline, maybe date+90days?).

Followup emails would of course be at the option of the mail senders, but some date would need to be present for them to do this. Even if most of these followups end in spam folders, and even fewer are reported by customers to the administrators, the users of a broken domain have much more leverage on the administrators than random other people on the internet explaining how they broke things. There would need to be rate limits (1/day or 1/week) on any followup emails (and probably an opt-out), and they would be better received if they included contact information for the domain administrators and maybe even some instructions for fixing the DANE configuration (or removing it so that it is not broken).

It would also be possible for the "deadline" to be recorded in the dane-fail-list.dat file, and some periodic task could convert lines like failed-dane.example # 2018-09-30 to # failed-dane.example # 2018-09-30 when the expiration date was reached.
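Added example, not part of the thread or of the danefail project's code: a sketch of the periodic task proposed in the comment above, which comments out an entry once its deadline is reached. It assumes one domain per line with an optional trailing `# YYYY-MM-DD` deadline, as in the comment's own example; the function name `expire_entries` and the sample entries are hypothetical.

```python
import re
from datetime import date

# Active entry carrying a deadline: "<domain> # YYYY-MM-DD". The shape is taken
# from the comment above; everything else about the file is an assumption.
ENTRY = re.compile(
    r"^\s*(?P<domain>[A-Za-z0-9.-]+)\s*#\s*(?P<deadline>\d{4}-\d{2}-\d{2})\s*$"
)


def expire_entries(lines, today):
    """Return (new_lines, expired_domains).

    An active entry whose deadline is on or before `today` is commented out.
    Comments, entries without a deadline, already-disabled entries and entries
    with an impossible date are passed through unchanged, so a second run over
    the output changes nothing.
    """
    out, expired = [], []
    for line in lines:
        m = ENTRY.match(line)
        if m:
            try:
                deadline = date.fromisoformat(m.group("deadline"))
            except ValueError:
                deadline = None  # e.g. 2018-02-30: keep the entry, do not guess
            if deadline is not None and deadline <= today:
                out.append("# " + line.strip())
                expired.append(m.group("domain").lower())
                continue
        out.append(line.rstrip("\n"))
    return out, expired


# Constructed sample data, not real entries from the list.
SAMPLE = [
    "# reported 2018-07-01",
    "failed-dane.example # 2018-09-30",
    "still-listed.example # 2019-01-15",
    "no-deadline.example",
    "# already-off.example # 2018-01-01",
    "bad-date.example # 2018-02-30",
]

if __name__ == "__main__":
    new_lines, expired = expire_entries(SAMPLE, date(2018, 10, 1))
    print("\n".join(new_lines))
    print("expired:", expired)
```

The returned list of expired domains is what a sender would review before publishing the change, since a sender that uses the file as a DANE bypass list stops bypassing DANE for an entry once it is commented out.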

wildegnux commented 5 years ago

Sorry for being late in answering here. From our perspective the purpose of having this list really is not for doing any favors to the recipient with broken DNSSEC / DANE. It's for our users (and us), and they want their email to be delivered. The vast majority of them don't know about or understand DANE, so if Gmail can deliver their mail, but we can't, then why would they be using our services? Telling our users that they must contact the recipient some other way to get them to talk to their mail provider to fix things is not an option. So frankly, if recipients are excluded from the list because they won't prioritize the issues then our options are to either stop using DANE or go back to using our own list.

vdukhovni commented 5 years ago

Sounds like reluctantly we'll have to keep these in place, I wish there were some way to notify the correspondents that email deliverability is degraded to the recipient and work-arounds needed to be added, so that the domain owner would apply some pressure on their provider...

vdukhovni commented 5 years ago

@desh-se I guess we are all going to MAAWG in a month?

Indeed, I'll be at M3AAWG (I live in Manhattan), we should meet...

Anyone else at M3AAWG? Email me your contact info at ietf-dane@dukhovni.org