On Tue, Apr 15, 2014 at 04:56:50PM -0400, Hector Santos wrote: > > I think adding temporarily helps and the additional text about DMARC > certainly helps. > > But the problem is YAHOO doesn't want you to do this (rewrite). That's OK, we didn't want Yahoo turning on DMARC p=reject. Life's tough sometimes. > > Case in point, lets say a real bad message got into the list, unsigned, > purported from Yahoo, the 5322.From was rewritten and distributed to other > list users and some of those users were "harmed" in some fashion that it > worth the effort to sue. Guess who would be at legal fault here? Not > YAHOO. They are legally protected. The MLM, who wistfully and intentionally > ignored policy and even went as far to break the security, is now at risk. The message was unsigned before it hit the mailing list, and it's unsigned after the mailing list altered the from field. So the mailing list software did nothing to "break" security in that case. Furthermore, the from field would be "username@xxxxxxxxx.INVALID". So obviously there is nothing that can be said about whether the message came from a yahoo user or not. Cheers, - Ted