On May 19, 2014, at 7:07 PM, Scott Kitterman <scott@xxxxxxxxxxxxx> wrote: > On Monday, May 19, 2014 15:57:28 Doug Ewell wrote: >> I'm still working on the logic of a post with Yahoo in its subject line, >> which calls out Yahoo 26 times and Google 19 times, then concludes out >> of left field that all of this is the fault of Evil Microsoft. > > They do reject DMARC fail, which is part of the problem. To reject or not to reject... Doing what Yahoo! and AOL requests seems appropriate. Not doing so may carry some risk. The DMARC specification is fairly clear about the expected action to be taken. If someone is harmed because a message was not rejected, although similar messages for other domains are, then who would be at fault? DMARC combines both SPF and DKIM to limit the number of erroneous results. Of course, Yahoo! and AOL should have notified their users to unsubscribe from mailing lists giving them feedback, otherwise messages sent to these lists might impair subscriptions for other users of different providers. It is difficult to understand why they selected reject rather than quarantine. Are they attempting to be ultra safe with respect to follow-on liabilities? By now their support costs dealing with real harm must have them hemorrhaging such that complaints about not being able to use a church mailing list has fairly low priority. Why should anyone else care when the domain making seemingly erroneous alignment assertions doesn't? Regards, Douglas Otis