Re: Yahoo breaks every mailing list in the world including the IETF's

S Moonesamy <> Tue, 08 April 2014 06:35 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 8E6A81A00E6 for <>; Mon, 7 Apr 2014 23:35:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.8
X-Spam-Status: No, score=-1.8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, T_DKIM_INVALID=0.01, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id AAHlaRuXKxsQ for <>; Mon, 7 Apr 2014 23:35:23 -0700 (PDT)
Received: from ( [IPv6:2001:470:f329:1::1]) by (Postfix) with ESMTP id DE8361A0032 for <>; Mon, 7 Apr 2014 23:35:23 -0700 (PDT)
Received: from ([]) (authenticated bits=0) by (8.14.5/8.14.5) with ESMTP id s386Z5Yq017829 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 7 Apr 2014 23:35:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mail2010; t=1396938917; bh=GgkulmGwPhYQ6osUcFHBMXMaaXfskMLo1LfV2zRm3Qg=; h=Date:To:From:Subject:In-Reply-To:References; b=Fa/h21qH+mB8JOTufN5ySqLMcXH1BO83gRfU8Bp7/9thZ1eVxjUg4Kg9h8g7NhyIc bRBI7H8E+DpS4kfYAKNI+ugstY7NTL3gwwFRnUVFDEoLT2iPQ/WuGkxGTciyLJXh4T vMzwXwnqBsj/7k2voO3jbwfpsTL7pNKfCSm41swQ=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mail; t=1396938917;; bh=GgkulmGwPhYQ6osUcFHBMXMaaXfskMLo1LfV2zRm3Qg=; h=Date:To:From:Subject:In-Reply-To:References; b=U6VwXBWtspJINicoHGrpMCB5Ve/Z36onCurvefiV6j1XPG4wbOFC7r30ganIqDXS+ B6+xEvMfcnEf7MiZ2Li+Q0XCDfcyiov54DmKYhpbitks5GVxnKURyvXWDWvEkhfC+M R66PEbd6NkefDZgtXESJOwyqHyWzyW4RHe2UBc24=
Message-Id: <>
X-Mailer: QUALCOMM Windows Eudora Version
Date: Mon, 07 Apr 2014 23:19:44 -0700
To: John Levine <>,
From: S Moonesamy <>
Subject: Re: Yahoo breaks every mailing list in the world including the IETF's
In-Reply-To: <20140407201104.42050.qmail@joyce.lan>
References: <20140407201104.42050.qmail@joyce.lan>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 08 Apr 2014 06:35:28 -0000

Hi John,
At 13:11 07-04-2014, John Levine wrote:
>DMARC is what one might call an emerging e-mail security scheme.
>There's a draft on it at draft-kucherawy-dmarc-base-04, intended for
>the independent stream.  It's emerging pretty fast, since many of the
>largest mail systems in the world have already implemented it,
>including Gmail, Hotmail/MSN/Outlook, Comcast, and Yahoo.


>Mailing lists are a particular weak spot for DMARC.  Lists invarably
>use their own bounce address in their own domain, so the SPF doesn't
>match. Lists generally modify messages via subject tags, body footers,
>attachment stripping, and other useful features that break the DKIM
>signature.  So on even the most legitimate list mail like, say, the
>IETF's, most of the mail fails the DMARC assertions, not due to the
>lists doing anything "wrong".

 From BCP 167:

   "In an idealized world, if an Author knows that the MLM to which a
    message is being sent is a non-participating resending MLM, the
    Author needs to be cautious when deciding whether or not to send a
    signed message to the list."

It will be interesting to see the results when other domains 
implement the specification.

S. Moonesamy