Re: DMARC and yahoo

Jeffrey Altman <jaltman@secure-endpoints.com> Sun, 20 April 2014 16:53 UTC

Return-Path: <jaltman@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2311D1A0026 for <ietf@ietfa.amsl.com>; Sun, 20 Apr 2014 09:53:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.3
X-Spam-Level:
X-Spam-Status: No, score=-1.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, J_CHICKENPOX_21=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z20TYouxWN14 for <ietf@ietfa.amsl.com>; Sun, 20 Apr 2014 09:53:07 -0700 (PDT)
Received: from mail-qc0-x230.google.com (mail-qc0-x230.google.com [IPv6:2607:f8b0:400d:c01::230]) by ietfa.amsl.com (Postfix) with ESMTP id BA3731A0025 for <ietf@ietf.org>; Sun, 20 Apr 2014 09:53:07 -0700 (PDT)
Received: by mail-qc0-f176.google.com with SMTP id m20so3271130qcx.21 for <ietf@ietf.org>; Sun, 20 Apr 2014 09:53:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Xt3JDbT66RAL/VRquvho5xxJHzG70wWsLzMTHZpWpS4=; b=R28DIWiJKTA/f80+quzNw6tW/xJuMitTVauiC3Zs0r3RJhJRVgIuZ6wTKPJsTT0f/5 mT4fimhX4EKRa+0xCOGjWi93BSK00J68bGdyzr2mN8yqhuaAWHxpyWtvcMkTuyL2fpyu zdPk/bKIeuSEsyb9e4oxdvt1Yi2MOl1QMROlTTDthq3tH518oU8nj2S9gbjhLe+FrT1f fECag84CowJD+mtwjZuxi1NUYYSYLdf9FZrBeHq2jaiBWTz979Honf3n7EvJ8PcfYg3+ vAS1cgkjyYoDmntUbH3+KuOrzJs/dVwbWqaO5159ZqmvKaSk9Bi4WYrKPLymcsZ10LW6 kGww==
X-Received: by 10.140.46.36 with SMTP id j33mr31931344qga.27.1398012782574; Sun, 20 Apr 2014 09:53:02 -0700 (PDT)
Received: from [10.29.24.213] (mobile-198-228-204-204.mycingular.net. [198.228.204.204]) by mx.google.com with ESMTPSA id k9sm68455131qat.18.2014.04.20.09.53.01 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 20 Apr 2014 09:53:01 -0700 (PDT)
Sender: Jeffrey Altman <jaltman@gmail.com>
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
Subject: Re: DMARC and yahoo
From: Jeffrey Altman <jaltman@secure-endpoints.com>
X-Mailer: iPad Mail (11D167)
In-Reply-To: <20140416023813.GA21807@thunk.org>
Date: Sun, 20 Apr 2014 12:52:59 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <C8A2B0B4-5FA4-4BFE-AECE-C61667ECF2FB@secure-endpoints.com>
References: <CAKW6Ri6OUmxGaBOGR2hoWpDOGWsVQ9tQ2Q9ogkT5wzFhFJLBbQ@mail.gmail.com> <534D9C2C.8010606@gmail.com> <20140415214348.GL4456@thunk.org> <1397607352.389753533@f361.i.mail.ru> <534DCFFB.4080102@gmail.com> <20140416012205.GC12078@thunk.org> <24986.1397615002@sandelman.ca> <20140416023813.GA21807@thunk.org>
To: Theodore Ts'o <tytso@mit.edu>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/TBqS36Vo_7NZYXwGPw1OWjZ6erU
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Apr 2014 16:53:09 -0000

Jeffrey Altman


> On Apr 15, 2014, at 10:38 PM, Theodore Ts'o <tytso@mit.edu> wrote:
> 
>> On Tue, Apr 15, 2014 at 10:23:22PM -0400, Michael Richardson wrote:
>> So, as a WG chair, a person known to me just tried to post to the list
>> From a brand new yahoo.com mail account.  They aren't subscribed with that
>> address.  I would normally just approve, and add them...
>> 
>> It seems to me that I must now actually reject, because it would affect other
>> subscribers.
>> 
>> I'm now thinking that we need to remove all the @yahoo.com addresses from
>> posting to ietf mailing lists.
> 
> So on my mailman configuration (which I believe is the default), if
> alice@hotmail.com receives 5 hard fail bounces she will get
> automatically suspended from the mailing list.  So a single e-mail
> from a @yahoo.com address won't cause damage, and if seven days go by
> without any further bounce messages, the "bounce counter" gets reset
> to zero.  The problem comes if you have many e-mail messages from
> yahoo.com users (which according to yahoo and the DMARC cheerleaders,
> shouldn't happen happen, because mailing list traffic is
> "insignificant" :-).

I took a different approach.  I left the bounce detection on but switched all @yahoo.com accounts to digest mode.  Since the mail now comes from the list instead of the @yahoo.com sender there are no rejections.   Not a perfect solution but it prevents harm to non-@yahoo.com list participants.

Jeffrey Altman