Re: Yahoo breaks every mailing list in the world including the IETF's

Douglas Otis <doug.mtview@gmail.com> Tue, 20 May 2014 03:18 UTC

Return-Path: <doug.mtview@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92F8C1A0457 for <ietf@ietfa.amsl.com>; Mon, 19 May 2014 20:18:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nxN6Scg_cZlc for <ietf@ietfa.amsl.com>; Mon, 19 May 2014 20:18:46 -0700 (PDT)
Received: from mail-pa0-x236.google.com (mail-pa0-x236.google.com [IPv6:2607:f8b0:400e:c03::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 008471A03D4 for <ietf@ietf.org>; Mon, 19 May 2014 20:18:45 -0700 (PDT)
Received: by mail-pa0-f54.google.com with SMTP id bj1so6623577pad.41 for <ietf@ietf.org>; Mon, 19 May 2014 20:18:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=qPdxb8bqOMYydyERJfB5cK4xZdzFrYd0MW5UuN5ZfDM=; b=yN2A8b1MLwQ8pdCyEnIJKdWlfjJIe7ga8xrE1OE+QTmzQh+fpJxOCVXZmYoNNNhjxV HlrRQoDpUKJCOt+YC9KkDFORse7CgvU1zjy9Q8nItpjAmCWdaZ0KyfNg7tgoHKBFGP0V pSuAsHDzPWmu9MGwAvHArX5PFe+Oh8khxIQyOCu99d/9qrqilPC0KGH/JCqtCT18ZbaF e+gZxNuwzpWn097IP84eNcu6TcutfqU2hOAGnFvcQ2UkvgI8kvIqKTq0jtuSUZfGH+m5 dMVtBqcG9y8z+HvkpZERthymBOMNrRq/VullQDzmiTqqbA/9N3ZoOHRNs8lM7WFoCpj2 aiVQ==
X-Received: by 10.68.130.229 with SMTP id oh5mr46829249pbb.121.1400555925603; Mon, 19 May 2014 20:18:45 -0700 (PDT)
Received: from [192.168.2.226] (c-67-188-1-12.hsd1.ca.comcast.net. [67.188.1.12]) by mx.google.com with ESMTPSA id av4sm24524776pac.8.2014.05.19.20.18.44 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 19 May 2014 20:18:44 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
Subject: Re: Yahoo breaks every mailing list in the world including the IETF's
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <11483199.Dh9NfH7rEK@scott-latitude-e6320>
Date: Mon, 19 May 2014 20:18:44 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <3DA68B2D-7A82-4E05-ACBC-3E53509B207E@gmail.com>
References: <20140519155728.665a7a7059d7ee80bb4d670165c8327d.ea1bccb7e4.wbe@email03.secureserver.net> <11483199.Dh9NfH7rEK@scott-latitude-e6320>
To: Scott Kitterman <scott@kitterman.com>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/VLFELfOw0D8Yx57tPiUGnLjKovw
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 May 2014 03:18:47 -0000

On May 19, 2014, at 7:07 PM, Scott Kitterman <scott@kitterman.com> wrote:

> On Monday, May 19, 2014 15:57:28 Doug Ewell wrote:
>> I'm still working on the logic of a post with Yahoo in its subject line,
>> which calls out Yahoo 26 times and Google 19 times, then concludes out
>> of left field that all of this is the fault of Evil Microsoft.
> 
> They do reject DMARC fail, which is part of the problem.


To reject or not to reject...

Doing what Yahoo! and AOL requests seems appropriate.  Not doing so may carry some risk. The DMARC specification is fairly clear about the expected action to be taken. If someone is harmed because a message was not rejected, although similar messages for other domains are, then who would be at fault? 

DMARC combines both SPF and DKIM to limit the number of erroneous results.  Of course, Yahoo! and AOL should have notified their users to unsubscribe from mailing lists giving them feedback, otherwise messages sent to these lists might impair subscriptions for other users of different providers.

It is difficult to understand why they selected reject rather than quarantine.  Are they attempting to be ultra safe with respect to follow-on liabilities?   By now their support costs dealing with real harm must have them hemorrhaging such that complaints about not being able to use a church mailing list has fairly low priority.  Why should anyone else care when the domain making seemingly erroneous alignment assertions doesn't?

Regards,
Douglas Otis