Re: (DMARC) Why mailing lists are only sort of special Wed, 16 April 2014 23:32 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 2378E1A040F for <>; Wed, 16 Apr 2014 16:32:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.974
X-Spam-Status: No, score=-0.974 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_14=0.6, J_CHICKENPOX_16=0.6, RP_MATCHES_RCVD=-0.272, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id i-l0-_XtnCPO for <>; Wed, 16 Apr 2014 16:32:08 -0700 (PDT)
Received: from ( [IPv6:2600:3c00::f03c:91ff:fe69:c5da]) by (Postfix) with ESMTP id 6F5AA1A0410 for <>; Wed, 16 Apr 2014 16:32:08 -0700 (PDT)
Received: from tytso by with local (Exim 4.80) (envelope-from <>) id 1WaZSr-0004qJ-GS; Wed, 16 Apr 2014 23:42:01 +0000
Date: Wed, 16 Apr 2014 23:42:01 +0000
To: Miles Fidelman <>
Subject: Re: (DMARC) Why mailing lists are only sort of special
Message-ID: <>
References: <> <alpine.BSF.2.00.1404142150430.32657@joyce.lan> <> <alpine.BSF.2.00.1404151832460.38826@joyce.lan> <> <> <> <alpine.BSF.2.00.1404161654430.2065@joyce.lan> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Scanned: No (on; SAEximRunCond expanded to false
Cc: "" <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 16 Apr 2014 23:32:09 -0000

On Wed, Apr 16, 2014 at 07:16:26PM -0400, Miles Fidelman wrote:
> Well... yahoo, aol, and others DO keep whitelists now - and various
> mechanisms for getting on them.  Yahoo doesn't, however, seem to
> apply their whitelisting methods to their own mail that's passed
> through DMARC.  Hmmm.....

All of the major mail providers are almost certainly using some kind
of machine-learning that takes multiple things into account, including
SPF and DKIM results, message body filtering, etc.

The problem is that this only helps people who are receiving mail at or, etc.  The problem that Yahoo seems to be
fixated on, at least with respect to their desire to enable DMARC
p=reject, is that they don't trust that *other* people will have good
enough spam detection schemes such that they can detect messages sent
to other mail destinations (for example, such as
where the recipient claims to be

So the problem is not yahoo maintaining a set of whitelists, it's
everybody *else* needing to have a good enough machine learning
algorithms so they can detect bad e-mail.  If everyone did, then you
wouldn't need any DMARC policy other than p=none.  They could all look
at the SPF and DKIM, the message body, their ML algorithms that have
led them to conclude that is a valid email list, and not
a spammer trying to look like a mailing list, and make the appropriate
ham vs spam determination.

In some sense the DMARC p=reject is basically Yahoo saying, "I don't
trust your spam algorithms, so please use a really bone-headed
algorithm which rejects any message claiming to be from if the sender and the from field don't match."


							- Ted