Re: DMARC and yahoo

Yoav Nir <ynir.ietf@gmail.com> Mon, 21 April 2014 07:29 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91E301A0188 for <ietf@ietfa.amsl.com>; Mon, 21 Apr 2014 00:29:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.4
X-Spam-Level:
X-Spam-Status: No, score=-0.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, J_CHICKENPOX_16=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BUpEeuhYhe10 for <ietf@ietfa.amsl.com>; Mon, 21 Apr 2014 00:29:28 -0700 (PDT)
Received: from mail-ee0-x231.google.com (mail-ee0-x231.google.com [IPv6:2a00:1450:4013:c00::231]) by ietfa.amsl.com (Postfix) with ESMTP id 760431A0180 for <ietf@ietf.org>; Mon, 21 Apr 2014 00:29:28 -0700 (PDT)
Received: by mail-ee0-f49.google.com with SMTP id c41so3409361eek.36 for <ietf@ietf.org>; Mon, 21 Apr 2014 00:29:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=ZYW6SYbuHg87zNdqnhLeWmeu0RnK+PX7eVF9q150krQ=; b=HJ7JPkXfT37ZC66gzSgzcQBzarN+o7j8qtioDfmboRwdwRPYqJNbfpxjZQyK3MlJhX cdyvvRcd9xdUhE1v4T3+Sv2mGH03f02oLUFb17DcnqhQOwuTjG+Vt6nDmrH4GFvn0CXA uqcJwL+dPL2hET0QydIlqQodlhlNwNxgmLwDjpjTN5wPPxCAHfkL0G9dI9UGZDYdcM2S memC4pjEG+OYpgC+GtUR2PH+olkfKHgkgwbJFsPLuhi3lTWWjEho8bgE8vw/5Q0m86pK rM14OV+K6vQt8SC+e79ESI9eRfHb3aUnImyJItlnhqd4cMGWhCQ71IOf3jf3kn4VMYA6 pFWw==
X-Received: by 10.14.225.132 with SMTP id z4mr171472eep.92.1398065363125; Mon, 21 Apr 2014 00:29:23 -0700 (PDT)
Received: from [192.168.1.102] (bzq-84-109-50-18.red.bezeqint.net. [84.109.50.18]) by mx.google.com with ESMTPSA id o5sm101134535eeg.8.2014.04.21.00.29.21 for <ietf@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 21 Apr 2014 00:29:22 -0700 (PDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
Subject: Re: DMARC and yahoo
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <0da8874469c14960a6b21719ebd4770b@BLUPR03MB424.namprd03.prod.outlook.com>
Date: Mon, 21 Apr 2014 10:29:18 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <DF48768A-90D8-4634-A5E0-9C343A849F5A@gmail.com>
References: <CAKW6Ri6OUmxGaBOGR2hoWpDOGWsVQ9tQ2Q9ogkT5wzFhFJLBbQ@mail.gmail.com> <534D9C2C.8010606@gmail.com> <20140415214348.GL4456@thunk.org> <1397607352.389753533@f361.i.mail.ru> <534DCFFB.4080102@gmail.com> <20140416012205.GC12078@thunk.org> <24986.1397615002@sandelman.ca> <20140416023813.GA21807@thunk.org> <C8A2B0B4-5FA4-4BFE-AECE-C61667ECF2FB@secure-endpoints.com> <4948F093F369F051CAF0B810@[192.168.1.128]> <53543ADA.8010204@dougbarton.us> <0da8874469c14960a6b21719ebd4770b@BLUPR03MB424.namprd03.prod.outlook.com>
To: "ietf@ietf.org" <ietf@ietf.org>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/CWuzoxVnGjLlLMzYVnadxEL4yHI
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Apr 2014 07:29:32 -0000

On Apr 21, 2014, at 4:00 AM, Christian Huitema <huitema@microsoft.com> wrote:

>> The issue with @yahoo.com and DMARC is not the @yahoo.com users' ability 
>> to receive mail, it's their ability to send mail to the list with From: 
>> *@yahoo.com and have it be received by list subscribers who implement 
>> strict DMARC policies which honor Yahoo!'s p=reject.
>> 
>> It's not clear how setting the @yahoo.com users to digest mode helps 
>> this situation at all.
> 
> It probably does not. Trying analyze the various positions with a cool head, the obvious conclusion is that hard problems don't have easy answers.
> 
> The current mailing list practice has the mailing list as sender, and the original message composer described in the From field. The receiver sees something like:
> 
>   Sender: ietf <ietf-bounces@ietf.org> 
>   From: Christian Huitema <huitema@microsoft.com> 
>   …
> 
> Of course, that particular construct could easily be abused. A phishing message does not differ much from a mailing list message:
> 
>   Sender: postmaster <postmaster@phishing-domain.com> 
>   From: Christian Huitema <huitema@microsoft.com> 
>   …

Right. As a mailing list provider, we have a way to make our lists work:

 From: IETF mailing list on behalf of Christian Huitema <ietf@ietf.org>

 ...

The downside is that clicking “Reply” sends a message to the list rather than to Christian, which seems OK, but is a change of behavior. In fact it gives no natural way to reply directly (and off-list) to Christian, unless the original sender is added in CC: or Reply-To: fields.

Yoav