DMARC considered harmful

DMARC ("Domain-based Message Authentication, Reporting and Conformance") is the latest hare-brained scheme to reduce spam and phishing. Like some previous such schemes (I'm looking at you, SPF), it breaks some completely legitimate uses of e-mail.

In this case, it's all about the "From:" line. The "From:" field of an e-mail message is supposed to indicate the author of a message, which can be different from the sender. As RFC 5322 explains

The "From:" field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message. The "Sender:" field specifies the mailbox of the agent responsible for the actual transmission of the message. For example, if a secretary were to send a message for another person, the mailbox of the secretary would appear in the "Sender:" field and the mailbox of the actual author would appear in the "From:" field.

In today's world, the "secretary" is more likely to be some mailing list software. It's quite legitimate for some random internet domain ("") to a mailing list. This list accepts messages from subscribers, such as "some_fake_guy@yah00.c0m"[*], and sends a copy of each such message to each subscriber of the list. The "From:" line of each copy has "some_fake_guy@yah00.c0m", while the "Sender:" is something like "".

([*] 0's instead of o's in the address above so it's definitely a bogus address. I'm deliberately picking on Yahoo here.)

The problem is, DMARC lets Yahoo say, "no one but Yahoo! can send an e-mail message with a Yahoo address in the From: line". This breaks the world.

Yahoo breaks every mailing list in the world including the IETF's

DMARC is what one might call an emerging e-mail security scheme. There's a draft on it at draft-kucherawy-dmarc-base-04, intended for the independent stream. It's emerging pretty fast, since many of the largest mail systems in the world have already implemented it, including Gmail, Hotmail/MSN/Outlook, Comcast, and Yahoo.


For a lot of mail, notably bulk mail sent by companies, DMARC works great. For other kinds of mail it works less great, because like every mail security system, it has an implicit model of the way mail is delivered that is similar but not identical to the way mail is actually delivered.

Mailing lists are a particular weak spot for DMARC....

The reason this matters is that over the weekend Yahoo published a DMARC record with a policy saying to reject all mail that fails DMARC. I noticed this because I got a blizzard of bounces from my church mailing list, when a subscriber sent a message from her account, and the list got a whole bunch of rejections from gmail, Yahoo, Hotmail, Comcast, and Yahoo itself. This is definitely a DMARC problem, the bounces say so.

Yes, I spent time last week cleaning up after this. It made me want to punch someone in the nose. I'm going to put that punch away for now, but if I ever meet a system administrator who implemented DMARC in a way that breaks mailing lists, I will be happy to pull it out of storage. Don't let that happen. Just say no to DMARC.


AA and "12 Step" programs don't work

Some 12 step groups hew less closely to the specifics of the steps than to a general attitude of social support. But at the root of it, 12 step groups are based on a religious ideology rather than scientific evidence. Bill Wilson even wrote, "At the moment we are trying to put our lives in order. But this is not an end in itself. Our real purpose is to fit ourselves to be of maximum service to God." Yet our legal system still forces people into these religious programs. And the addiction treatment industry is making a lot of money off of them, while not helping people. One might say they are making a killing, in both senses of the word.

AA and Rehab Culture Have Shockingly Low Success Rates (Alternet)

AA and rehab have even been codified into our legal system: court-mandated attendance, which began in the late 1980s, is today a staple of drug-crime policy. Every year, our state and federal governments spend over $15 billion on substance-abuse treatment for addicts, the vast majority of which are based on 12-step programs. There is only one problem: these programs almost always fail.

Peer-reviewed studies peg the success rate of AA somewhere between 5 and 10 percent. That is, about one of every fifteen people who enter these programs is able to become and stay sober. In 2006, one of the most prestigious scientific research organizations in the world, the Cochrane Collaboration, conducted a review of the many studies conducted between 1966 and 2005 and reached a stunning conclusion: “No experimental studies unequivocally demonstrated the effectiveness of AA” in treating alcoholism. This group reached the same conclusion about professional AA-oriented treatment (12-step facilitation therapy, or TSF), which is the core of virtually every alcoholism-rehabilitation program in the country.


unmarked Bmore City cop car stolen in Catonsville

Oh, the irony...

Unmarked Baltimore City Police Car Stolen in Catonsville (Catonsville Patch)

An unmarked Baltimore City police cruiser was reportedly stolen from the 300 block of Orley Road in Catonsville overnight.


Inside were a Taser, police radio, SWAT vest, 28 rounds of ammunition, mace and other police gear, according to ABC 2 News, which said neither weapons nor explosives was in the vehicle.

LA County deputies murder innocent crime victim

How dare he run away from a man with a knife? Obviously undertrained and underqualifed cops would view that as threatening behavior.

Deputies' accidental killing of aspiring TV producer 'very tragic' (

The Los Angeles County Sheriff's Department acknowledged Thursday that its deputies mistakenly shot and killed an aspiring TV producer earlier this week while responding to a stabbing and hostage standoff in West Hollywood.

Sheriff’s officials said deputies believed John Winkler, 30, was the attacker when they encountered him at a Palm Avenue apartment complex Monday night.

In fact, he was one of three hostages being held inside an apartment by a man with a knife.

More and more it seems like calling 911 to deal with violent crime is likely to make a situation worse. Too many cops are simply incompetent or ill-intentioned, and too many police forces have a culture of corruption and silence, with no intention to improve the situation.

Tom Lehrer: alive and well and silent

One of bits of evidence I offer for the fact that I have great parents is that my mom not only introduced me to the work of Tom Lehrer, she gifted me with the Tom Lehrer songbook. (Written for piano, it's hard to play his stuff on guitar, but one of these days I'm going to figure out an arrangement for "Poisoning Pigeons in the Park".)

I sort of figured that Lehrer had passed away, I'm glad to learn he's alive and well. His apathy about his stellar musical career strikes me as sort of a Taoist wu wei, effortless action, though the change in political context also is interesting

Looking For Tom Lehrer, Comedy's Mysterious Genius (BuzzFeed)

The New Left agreed with Lehrer on Vietnam. His last public performance, in fact, was on a fundraising tour for George McGovern in 1972. But the singer — who saw himself as “a liberal, one of the last” — felt less at home in the new Democratic Party. In the end, Stevenson’s party, and Lehrer’s, lost — and with it, at least to Lehrer’s mind, a prevailing sense of humor. “Things I once thought were funny are scary now,” he told People magazine in 1982. “I often feel like a resident of Pompeii who has been asked for some humorous comments on lava.”

”The liberal consensus, which was the audience for this in my day, has splintered and fragmented in such a way that it’s hard to find an issue that would be comparable to, say, lynching,” he also told the New York Times in Purdum’s 2000 article, which was part of his last round of interviews to promote an anthology of his work. ”Everybody knows that lynching is bad. But affirmative action vs. quotas, feminism vs. pornography, Israel vs. the Arabs? I don’t know which side I’m on anymore. And you can’t write a funny song that uses, ‘On the other hand.”’

Bettie Page's fling with a Space Age car designer

From the "guys with cool cars get the chicks" department, Vintage Sleaze reports on Bettie Page's affair with Richard Arbib, designer of the iconic Ford Atmos concept car.

Vintage Sleaze: Bettie Page and the Designer Living Dangerously. Ford Atmos Space Age Car and the Best Auto Model in the Business

Is that Miss Bettie Page riding in a space-age concept car produced by Ford in 1954? A car which 60 years ago was designed to do what the hands-free Google car is attempting today? Of COURSE it is, as it now appears the model was having an affair with the married designer sitting next to her.

This used to be a big controversy in the little Bettie Page underground. Is it her? (whisper…) Well, of course it is her, and that is her boyfriend at the time, space age designer Richard Arbib at the wheel. Well "grips" actually, as the design was steered like an airplane.

Florida family shoots and kills home invader

It can happen even in a "very quiet, peaceful" neighborhood: someone with a history of violence breaks into a home, and by their behavior makes it clear that they have aggressive intent. What would you do? If you believe in firearm prohibition, what do you think this family should have done instead?

Yet on the other hand, reading Facebook comments about this story, the glee with which many people are treating this incident is disturbing. This was a human life which went wrong, and that calls for sober reflection. How did Mitchell Large come to be such a broken human being? Why was someone with a history of violence not under closer supervision? How did we reach the point where the best thing to do with this person was to shoot them?

Winter Haven family opens fire, kills would-be intruder

Winter Haven, FL -- In short, say Winter Haven police, 40-year-old Mitchell Large messed with the wrong house.

Three members of the Pena family- Luis, his wife and adult son- all armed themselves shortly before 7:00 Monday morning after awakening to the sound of someone on their back porch.

"It appears at least two of the family members fired in defense of themselves and their property," said Winter Haven police Chief Chief Hester.

modern violins as good as a Stradivarius?

It seems likely that there's a sort of placebo effect at work, making people believe certain violins sound better or play better.

Elite Violinists Fail to Distinguish Legendary Violins From Modern Fiddles

If you know only one thing about violins, it is probably this: A 300-year-old Stradivarius supposedly possesses mysterious tonal qualities unmatched by modern instruments. However, even elite violinists cannot tell a Stradivarius from a top-quality modern violin, a new double-blind study suggests....

"There is nothing magical [about old Italian violins], there is nothing that is impossible to reproduce," says Olivier Charlier, a soloist who participated in the study and who plays a fiddle made by Carlo Bergonzi (1683 to 1747). However, Yi-Jia Susanne Hou, a soloist who participated in the study and who until recently played a violin by Bartolomeo Giuseppe Antonio Guarneri "del Gesù" (1698 to 1744), questions whether the test was fair. "Whereas I believe that [the researchers] assembled some of the finest contemporary instruments, I am quite certain that they didn't have some of the finest old instruments that exist," she says.

Guitar Center and the parasite economy

Eric Garland writes on how the musical instrument business is "a microcosm of every other problem in the global economy":

How to get beyond the parasite economy (Eric Garland)

This is the logic at play with Guitar Center. Financial parasites have taken over the host company and could not care less about the industry itself. They install some CEO who used to be selling DVD players. They swap private equity firms in and out. It doesn’t matter – it’s just another place for loose capital to suck out a few extra dollars or a tax break. After all, the entire value of the company is less than what JPMorgan paid in fines last year without breaking a sweat.

In the final analysis, this is less about business sense and more about business domination. There are dozens of industries that have been locked up by a few players in this way: mortgages, cars, pharmaceuticals, retail, you name it. Since the chances of antitrust suits under “leaders” like George W Bush and Barack Obama are so low, the tiny tranche of society with all the money can run a time-worn playbook – consolidate companies, squeeze vendors, push manufacturing overseas, lower wages, wash, rinse, repeat, discard. The numbers of the business – which suck in GC’s case – do not matter as much as control of yet another industry. As long as you have dominance over an industry, your positions are hedged for risk automatically because there is no other game in town – or at least people believe that. In the meantime, you get management fees, income from bonds, the occasional IPO payout.


All of this cold-blooded nonsense stands in stark contrast to the amazing people I have met in every other corner of the industry, including the actual long-time employees of Guitar Center who have reached out to me. I have had the tremendous honor to speak with inventors, entrepreneurs, retailers and fellow musicians about current events and I have been astonished by their intelligence, kindness, creativity and overall sense of humanity. All of this is diminished by the presence of these rapacious colonialists and it is time for them to take their leave of our economy, starting with the musical instrument industry.

Palestine's first female commandos

While Saudi Arabia still won't permit women to drive, Palestine is training female special operations soldiers. Yet the U.S. remains buddy-buddy with the Sauds while refusing to recognize the existence of Palestine.

First women joining Palestinian commando unit (Yahoo News)

The 22 future commandos are trailblazers in a still largely male-dominated society, set to become the first female members of the Presidential Guards, a Palestinian elite force of 2,600 men. Their inclusion is the result of gradual changes in the West Bank in recent years.

Some gender barriers have fallen, with a few women assuming posts as mayors, judges and Cabinet ministers or starting their own businesses. At the same time, unemployment is on the rise, and families are more open to women entering non-traditional jobs if it means another paycheck.

Women make up just 3 percent of 30,000 members of the Palestinian police and other security agencies in the West Bank, but there's a push to recruit more, said Brig. Rashideh Mughrabi, in charge of gender issues in the National Security Forces.


Subscribe to the unreasonable man RSS