On 4/20/2014 5:23 PM, Doug Barton wrote:
> The issue with @yahoo.com and DMARC is not the @yahoo.com users'
> ability to receive mail, it's their ability to send mail to the list
> with From: *@yahoo.com and have it be received by list subscribers who
> implement strict DMARC policies which honor Yahoo!'s p=reject.

Or basically, anyone with a p=reject policy will be rejected by
DMARC-compliant receivers if it's not signed by the author domain. We
have been calling this 3rd party signatures. See RFC5016 (Requirements
for a DKIM Signing Practices Protocol) for the definition:

http://tools.ietf.org/html/rfc5016#page-3

   o  First Party Address: for DKIM, a first party address is defined to
      be the [RFC2822].From address in the message header; a first party
      address is also known as an Author address.

   o  First Party Signature: a first party signature is a valid
      signature where the signing identity (the d= tag or the more
      specific identity i= tag) matches the first party address.
      "Matches" in this context is defined in [RFC4871].

   o  Third Party Signature: a third party signature is a valid
      signature that does not qualify as a first party signature.  Note
      that a DKIM third party signature is not required to correspond to
      a header field address such as the contents of Sender or List-Id,
      etc.

DMARC has no such separation support. That's the problem. You know, for
the IETF purist, this is a violation of RFC5016 if it uses the term
DKIM in its documentation as a conforming solution. Either that, or
it fell through the cracks. Let's hope it's the latter and we can fix this
problem.

> It's not clear how setting the @yahoo.com users to digest mode helps
> this situation at all.

For our MLS digest mode, the signed digest message is 5322.From the
list domain. Can't tell you offhand how other MLS will do this.

--
HLS
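
Added example, not part of the original message: a sketch of the first-party/third-party distinction quoted above from RFC 5016, applied to a list-relayed post and to a digest sent with the list domain in 5322.From. The sample headers, the `lists.example.org` domain and the function names are constructed for illustration; the code assumes every DKIM-Signature present has already verified, compares only the d= tag by exact domain match, and ignores SPF.

```python
from email import message_from_string
from email.utils import parseaddr

def parse_tags(value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def classify_signatures(raw):
    """Return (author_domain, [(d, 'first-party' | 'third-party'), ...])."""
    msg = message_from_string(raw)
    # First party address: the 5322.From (author) address.
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    result = []
    for header in msg.get_all("DKIM-Signature", []):
        d = parse_tags(header).get("d", "").lower()
        # Assumption: exact domain match stands in for "matches".
        kind = "first-party" if d and d == author else "third-party"
        result.append((d, kind))
    return author, result

def dkim_aligned(raw):
    """True if some (assumed valid) signature is signed by the author domain."""
    return any(kind == "first-party" for _, kind in classify_signatures(raw)[1])

# Constructed sample: a list post relayed with the author's From: kept,
# carrying only the list's own signature.
LIST_RELAY = """\
From: Alice <alice@yahoo.com>
Sender: discuss-bounces@lists.example.org
List-Id: <discuss.lists.example.org>
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=ml; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
Subject: [discuss] hello

body
"""

# Constructed sample: a digest whose 5322.From is the list domain.
DIGEST = LIST_RELAY.replace("Alice <alice@yahoo.com>",
                            "discuss digest <discuss@lists.example.org>")

if __name__ == "__main__":
    for name, raw in (("list relay", LIST_RELAY), ("digest", DIGEST)):
        print(name, classify_signatures(raw), "aligned:", dkim_aligned(raw))
```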