Re: DMARC and yahoo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Apr 15, 2014, at 5:34 PM, Doug Royer <douglasroyer@xxxxxxxxx> wrote:

Yahoo does not seem to require DMARK. Simply use one of the other two options. I use SPF for my domains, and it makes it through their systems just fine.

Dear Doug,

There's confusion about DMARC policy.  Policy is based on the domain in the From header field as indicated at _dmarc.<email-domain>.  If the From header contains "somebody@xxxxxxxxx", then policy located at:

_dmarc.yahoo.com. IN TXT "v=DMARC1\; p=reject\; sp=none\; pct=100\; rua=mailto:dmarc-yahoo-rua@xxxxxxxxxxxxx, mailto:dmarc_y_rua@xxxxxxxxx\;"
means any validation not aligned with yahoo.com is to be rejected.

It looks to me that some want to be able to send list email to many from a bogus email address (some-domain.invalid). Simply stop doing that.

No. Having emailing lists change ]From headers to "somebody@xxxxxxxxx.invalid" sidesteps onerous _dmarc. policy (which prevents mailing-list use).

It seems 5 organizations outweigh 30,000 smaller groups.  There are scalable solutions such as ATP.  DMARC, on its own, requires all services to be under their domain.

One of the responsibilities of being a list maintainer is cleaning up all of bounced mess from no longer valid email addresses. I have advocated in the past for a email header that allows a bounced message to be automatically routed for the correct reason back to the list maintainer for processing by automated processes. Maybe it is time to revisit that proposal.

I used to get thousands of spams from forged email. I get almost none now. If I got thousands, Yahoo must get millions. I applaud them for their courage to take a stand.

What you describe reflects most mailing lists that are generally better managed than the general corpus of messages directly from yahoo.com itself.  This is also why I wrote the ATP protocol.  ATP offers sending domains a means to select an ATP label hashes of domains they or the community considers well-managed third-party services.  Such exceptions will not invite abuse.

Regards,
Douglas Otis

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]