Murray S. Kucherawy wrote:
On Fri, Apr 18, 2014 at 7:47 AM, <ned+ietf@xxxxxxxxxxxxxxxxx <mailto:ned+ietf@xxxxxxxxxxxxxxxxx>> wrote:The message was pretty clearly, "We think DMARC is valuable enough to us that we plan to deploy it even though it has the unfortunate side effect of causing problems for mailing lists." Allow me to rephrase: "We think getting our commerical mail through is worth sacrificing all sorts of personal mail functionality users depend on. And we don't care who it hurts, including some shops as large or larger than we are."I'm not so sure delivery is the primary goal. Rather, "We're tired of the fact that we are unable to control who generates mail that appear to come from our domain(s), and it's hurting us" is how that should at least start. A tarnished domain name has repercussions beyond just delivery of email.
Given the amount of spam and other malicious mail that comes from real, honest-to-god, Yahoo accounts -- be it generated by spammers who obtain Yahoo accounts, or botnets that have obtained access to legitimate accounts -- perhaps Yahoo might have started closer to home in addressing the "tarnished brand" problem.
Pretty much the ONLY malicious mail, from Yahoo, that has ever made it through our spam filters, and onto any of our mailing lists, has been from compromised Yahoo accounts -- and that was BEFORE DMARC.
On the other hand, the only mail that ever seems to end up in my Yahoo mailbox (which I rarely check), is spam.
What Yahoo has just done is tarnished their brand by "breaking every email list in the world" - and causing pain to every one of their users who subscribes to mailing lists.
Kind of shooting yourself in the foot, if you ask me. (Or blowing up yourself, along with your target.)
Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. .... Yogi Berra