Re: DMARC and yahoo

Brian E Carpenter <> Mon, 21 April 2014 20:07 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C13D71A028F for <>; Mon, 21 Apr 2014 13:07:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.4
X-Spam-Status: No, score=-0.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, J_CHICKENPOX_21=0.6, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7HrsdQxkZgLw for <>; Mon, 21 Apr 2014 13:07:38 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c02::22a]) by (Postfix) with ESMTP id 9EE8D1A028B for <>; Mon, 21 Apr 2014 13:07:38 -0700 (PDT)
Received: by with SMTP id v10so4041962pde.29 for <>; Mon, 21 Apr 2014 13:07:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=cyurktB3jSGIOMfRXPwuHi5ikEYJDgIpBTzsMC2mwC8=; b=PNhvib35k5VrVArmMeyfJhWETis3VvRq+Td/FxC7D+/QYXx1XHqNDUQuvVzr77Fql9 8detnRCLhaefj/OZRCH0rCsuzCPJQTnX/l0pmbYsbNPh0KIgbWYCzCe/y1bRttSE2Asi KLMHp6VaZXs8CD5BrA+QpDyDHNSOItw4uASRW071rRFYZLI04PhBPSqDRX6UdqZ2kNh4 2KPiBRcdRl2K/bFsyPYdcLKAV75XvsY8b80frkY34wL/blj64aKkSs1xoa1qKqMi9Se9 9qu90F1Ck1GB6FubEZCqv2VkshvkX/z5mrkMy5cm9PvUuU2FKJoIwg9X2rXn1A5iF1/U qiDQ==
X-Received: by with SMTP id ex15mr5232935pac.122.1398110853505; Mon, 21 Apr 2014 13:07:33 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id vg1sm79910386pbc.44.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 21 Apr 2014 13:07:32 -0700 (PDT)
Message-ID: <>
Date: Tue, 22 Apr 2014 08:07:25 +1200
From: Brian E Carpenter <>
Organization: University of Auckland
User-Agent: Thunderbird (Windows/20070728)
MIME-Version: 1.0
To: Theodore Ts'o <>
Subject: Re: DMARC and yahoo
References: <> <> <> <> <> <> <> <4948F093F369F051CAF0B810@[]> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 21 Apr 2014 20:07:40 -0000

On 22/04/2014 06:56, Theodore Ts'o wrote:
> On Mon, Apr 21, 2014 at 12:04:00PM -0600, Doug Royer wrote:
>> If yahoo sends out an email from list-name@yahoo, then that is where the
>> email is from.
>> So it would be correct to set the from/sender in the email to be
>> Why try to make it fake anything?
>> If you want to preserve any digital signature in the original message, then
>> send the original email as a mime body part in the forwarded message.
> Because this message that you just sent was sent _from_ Doug Royer, in
> the sense that it was authored by Doug Royer.  It was not authored by
> "".org", and that's in fact what most users would find more
> interesting, since they have other ways of determining that a
> particular message was sent via a particular mailing list reflector.
> Fundamentally, this is going to be main issue.  For mailing list
> users, when they are following a particular conversation, they want to
> be able to easily identify which e-mails were contributed by which
> participant.  This has historically been done via the "From" field.
> It's possible to reinvent some other field, to indicate who had
> originally authored the message --- say, adding a
> "X-Originally-Authored-By".  But the fundamental issue is that it's
> useful and interesting and wanted that people be able to get the
> "originally authored by" message.  And so eventually, MUA are going to
> be responsive to users' needs.
> The fact that spammers could then use this confuse naive users is not
> likely going to stop them, because if you are having a multi-user
> conversation via e-mail, to make all of them appear to come from
> "" is just not acceptable to the users of that
> mailing list.  They will want to know who originally authored the each
> e-mail message.

In fact it's a lie: the message is *not* from the mailing list, it's
from its originator. I have no doubt some ingenious lawyer could
discover a tort in the lie, so it might even be legally dangerous for
the mailing list operator to tell this lie on every message.

Among other things, it makes it virtually impossible to filter trolls.
I am on a couple of lists at the moment where troll filtering is
essential for one's sanity (and where DMARC has been discussed too, as
it happens).