Re: DMARC and yahoo

Douglas Otis <> Mon, 21 April 2014 19:20 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 4CEAB1A027C for <>; Mon, 21 Apr 2014 12:20:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id f1rn5Zc29iXl for <>; Mon, 21 Apr 2014 12:20:14 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c01::22d]) by (Postfix) with ESMTP id 0B45F1A027B for <>; Mon, 21 Apr 2014 12:20:13 -0700 (PDT)
Received: by with SMTP id uo5so4037926pbc.18 for <>; Mon, 21 Apr 2014 12:20:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=mOkVnvjxWijeyQ4wUTVTgkl8V60JIaJewiLF0b1Mdlw=; b=qR+qXovBflDFvRcYg2h6pIsUdZ6+rqGwLb0Ef+0MuNW4uUShn9Z5P+5zF56oSI1Hby Nfu2yeHg8YcAXw0QDVyufzzqG8JCSGbzNfZWLXRFY+USyCDzl0uS7c2aVm/RbL2cYqZA GJCE/nhasQ8B70MT2bCy4ROGjzRvBN+UazFQovfX5cLTd+t8W4v9+UXe1FAkhDSrMF4W /vmYvnLCbOWFO6lnqlNHTCFeZ8C3tBH4b0UIg16Bca4cqIdlqzC0cjnoBL3bIhLJqcmf cNUgvDT42pv1Actx7V4kIORBZ9a6MUEP7alJLaA9uJZMQ+fFyiu8Xp5nT355rG/GDYwQ WauA==
X-Received: by with SMTP id zd1mr4945334pac.136.1398108009059; Mon, 21 Apr 2014 12:20:09 -0700 (PDT)
Received: from ?IPv6:2601:9:7680:203:b54f:4381:6ca8:f934? ([2601:9:7680:203:b54f:4381:6ca8:f934]) by with ESMTPSA id lr3sm37842156pab.4.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 21 Apr 2014 12:20:07 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_33CBD5A5-AF8D-4D29-8147-49214F3901B9"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
Subject: Re: DMARC and yahoo
From: Douglas Otis <>
In-Reply-To: <>
Date: Mon, 21 Apr 2014 12:20:10 -0700
Message-Id: <>
References: <20140421163621.29166.qmail@joyce.lan> <>
X-Mailer: Apple Mail (2.1874)
Cc: John Levine <>,
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 21 Apr 2014 19:20:18 -0000

On Apr 21, 2014, at 9:42 AM, Dave Crocker <> wrote:

> On 4/21/2014 9:36 AM, John Levine wrote:
>> They could fix it if they
>> wanted, e.g., by arranging to whitelist mail sources that don't match
>> DMARC's authentication model but send mail people want.  This is not
>> just mailing lists, of course.
> Sorry, but I'm not quite understanding what additional mechanism you have in mind.
> Exactly who does exactly what?
> Who has to adopt it?
> How will it scale?

Dear Dave,

Each domain can simply point to their desired white-list. This can be one published directly or simply referenced as described in:

This has elements from the moribund ADSP.  The sender wishing to protect a domain while also applying policy like that of ADSP or DMARC can offer receivers a rapid and scalable method to check third-party domain authorizations.  This means senders are always able to defend recipients who trust messages from their domain.  Please note, authorizations can also require presence of a List-ID.  Other schemes, such as SRS, end up treating third-parties the same, which never works. 

Perhaps being a bit crass, those who have decided to adopt DMARC for their user accounts have a vested interest in seeing mailing-lists fail.  Their revenue is often based on ads displayed in a user's browser.  Forcing use of some social web site has an advantage of injecting ads while also balkanizing group efforts.  Is the IETF ready to offer their own version of a social website or start an email version of a three-card monte game of "Where is the From?  Must all other group endeavors demand some social allegiance or can these sites become federated using something like XMPP and give up on email?

Douglas Otis