Re: DMARC and yahoo

Hector Santos <hsantos@isdg.net> Sun, 20 April 2014 17:23 UTC

Message-ID: <5354027E.4090701@isdg.net>
Date: Sun, 20 Apr 2014 13:23:10 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
To: Jeffrey Altman <jaltman@secure-endpoints.com>, Theodore Ts'o <tytso@mit.edu>
Subject: Re: DMARC and yahoo
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/IFkXNep-fBZ-dPBHwkm0TM0shYE
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "ietf@ietf.org" <ietf@ietf.org>
List-Id: IETF-Discussion <ietf.ietf.org>

On 4/20/2014 12:52 PM, Jeffrey Altman wrote:

>
> I took a different approach.  I left the bounce detection on but switched all @yahoo.com accounts to digest mode.  Since the mail now comes from the list instead of the @yahoo.com sender there are no rejections.   Not a perfect solution but it prevents harm to non-@yahoo.com list participants.
>

That's a good tip (Digest Mode) to pass on to our list operators.  Thanks.

However, what are you going to do when other domains begin to flip on 
the strict DMARC policy switch?  There will be more domains doing this 
now that Yahoo is showing the payoff is high in increasing the 
security quality of their domain.

Keep in mind that this is just about dealing with the legacy existing 
user accounts. You SHOULD still honor the policy for at least new 
subscribers from yahoo.com accounts.  You SHOULD also honor the policy 
for new submissions. But you believe you MAY ignore it and do some 
things to get around the domain's security policy.

The key is how to do all this in an automated protocol fashion, and it 
should begin with first honoring and correcting the DMARC draft 
specification for 3rd party resigner operations which it lacks.

-- 
HLS
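
Added example, not part of the original message or of any list software: a sketch of how a list server could automate the handling discussed in this thread, reading the author domain's published DMARC policy and choosing digest mode for existing subscribers or refusal for new subscriptions and submissions. The TXT records are constructed samples (no DNS lookup is made), the event names and function names are hypothetical, mapping "honor the policy" to a refusal is an assumption, and only the exact domain is checked (no organizational-domain or sp= fallback).

```python
# Constructed sample records keyed by DNS name; a real server would query DNS.
SAMPLE_TXT = {
    "_dmarc.yahoo.com": "v=DMARC1; p=reject; pct=100",   # constructed
    "_dmarc.example.org": "v=DMARC1; p=none",            # constructed
    "_dmarc.broken.example": "p=reject; v=DMARC1",       # invalid: v= not first
}

EVENTS = ("existing-subscriber", "new-subscription", "new-submission")


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, or None if it is not valid."""
    tags = {}
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    for i, part in enumerate(parts):
        name, sep, value = part.partition("=")
        if not sep:
            return None
        name, value = name.strip().lower(), value.strip()
        # The version tag must come first and must be exactly DMARC1.
        if i == 0 and (name != "v" or value != "DMARC1"):
            return None
        tags.setdefault(name, value)
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return None
    return tags


def published_policy(author_domain, txt_records):
    """Return the domain's p= value, or 'none' when no valid record exists."""
    record = txt_records.get("_dmarc." + author_domain.lower())
    tags = parse_dmarc(record) if record else None
    return tags["p"].lower() if tags else "none"


def list_action(address, event, txt_records):
    """Decide how the list treats this address for the given event."""
    if event not in EVENTS:
        raise ValueError("unknown event: " + event)
    domain = address.rsplit("@", 1)[-1]
    if published_policy(domain, txt_records) != "reject":
        return "normal"
    # Strict policy: legacy accounts go to digest mode (mail then comes
    # from the list), new subscriptions and submissions are refused.
    return "digest" if event == "existing-subscriber" else "refuse"
```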