On Fri, Dec 16, 2016 at 08:39:06PM +0000, Viktor Dukhovni wrote: > When it is more difficult to forge an email from a Yahoo user, it > is more convenient for the phisher to fake an address from some > other domain, and then Yahoo deals with fewer complaints. I don't think it's difficult at all to forge an email from a Yahoo user. And it'll even dutifully be marked as valid courtesy of Yahoo itself: Yahoo Says 1 Billion User Accounts Were Hacked http://www.nytimes.com/2016/12/14/technology/yahoo-hack.html Please note that this is in addition to the earlier announcement of 500M hacked accounts. But hey, at least they got to do this: Yahoo breaks every mailing list in the world including the IETF's http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html Yeah. That was worth it. Definitely. ---rsk