Re: What I've been wondering about the DMARC problem

Brian E Carpenter <> Tue, 15 April 2014 20:38 UTC

Date: Wed, 16 Apr 2014 08:38:36 +1200
From: Brian E Carpenter <>
Organization: University of Auckland
Cc: IETF discussion list <>

On 16/04/2014 03:49, Dave Crocker wrote:
> On 4/14/2014 6:45 PM, Brian E Carpenter wrote:
>> I thought that standard operating procedure in the IT industry
>> was: if you roll something out and it causes serious breakage to
>> some of your users, you roll it back as soon as possible.
>> Why hasn't Yahoo rolled back its 'reject' policy by now?
> As the most-recent public statement from Yahoo, this might have some
> tidbits in it that are relevant to your question:

It serves to explain their obduracy but this really annoys me:

> There is a regrettable, short-term impact to our more aggressive position on DMARC. Many legitimate emails sent on behalf of Yahoo Mail customers from third parties are also being rejected. We apologize for any inconvenience this may have caused.

Why do they assert that it's a *short-term* impact? There's no clean fix, as
the discussion here has shown. And doesn't that "any" in "any inconvenience"
make you grind your teeth? We know that it's caused great inconvenience.

And this:

> We know there are about 30,000 affected email sending services, but we also know that the change needed to support our new DMARC policy is important and not terribly difficult to implement.

"not terribly  difficult to implement"? From what list admins are telling us,
that is simply untrue.

> We have detailed the changes we are requiring here.

"requiring"?? Who are Yahoo to _require_ changes from 30000 third parties?

The mailman fix is worse than the disease. I think the .INVALID fix is
much better, because Reply-all will still work.