Re: DMARC and yahoo

Douglas Otis <doug.mtview@gmail.com> Wed, 16 April 2014 01:45 UTC

Subject: Re: DMARC and yahoo
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <534DCFFB.4080102@gmail.com>
Date: Tue, 15 Apr 2014 18:45:45 -0700
Message-Id: <23DD0EB7-D083-4329-B5B5-51F1A38BA4CD@gmail.com>
References: <CAKW6Ri6OUmxGaBOGR2hoWpDOGWsVQ9tQ2Q9ogkT5wzFhFJLBbQ@mail.gmail.com> <534D9C2C.8010606@gmail.com> <20140415214348.GL4456@thunk.org> <1397607352.389753533@f361.i.mail.ru> <534DCFFB.4080102@gmail.com>
To: Doug Royer <douglasroyer@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/a_LIKuoV3CZqREWF_jvfKSGgo1E
Cc: ietf@ietf.org
List-Id: IETF-Discussion <ietf.ietf.org>

On Apr 15, 2014, at 5:34 PM, Doug Royer <douglasroyer@gmail.com> wrote:

> Yahoo does not seem to require DMARC. Simply use one of the other two options. I use SPF for my domains, and it makes it through their systems just fine.

Dear Doug,

There's confusion about DMARC policy.  Policy is based on the domain in the From header field as indicated at _dmarc.<email-domain>.  If the From header contains "somebody@yahoo.com", then the policy located at:

_dmarc.yahoo.com. IN TXT "v=DMARC1\; p=reject\; sp=none\; pct=100\; rua=mailto:dmarc-yahoo-rua@yahoo-inc.com, mailto:dmarc_y_rua@yahoo.com\;"

means any validation not aligned with yahoo.com is to be rejected.

> It looks to me that some want to be able to send list email to many from a bogus email address (some-domain.invalid). Simply stop doing that.

No. Having emailing lists change From headers to "somebody@yahoo.com.invalid" sidesteps onerous _dmarc. policy (which prevents mailing-list use).

It seems 5 organizations outweigh 30,000 smaller groups.  There are scalable solutions such as ATP.  DMARC, on its own, requires all services to be under their domain.

> One of the responsibilities of being a list maintainer is cleaning up all of the bounced mess from no longer valid email addresses. I have advocated in the past for an email header that allows a bounced message to be automatically routed for the correct reason back to the list maintainer for processing by automated processes. Maybe it is time to revisit that proposal.
> 
> I used to get thousands of spams from forged email. I get almost none now. If I got thousands, Yahoo must get millions. I applaud them for their courage to take a stand.

What you describe reflects most mailing lists that are generally better managed than the general corpus of messages directly from yahoo.com itself.  This is also why I wrote the ATP protocol.  ATP offers sending domains a means to select an ATP label hashes of domains they or the community considers well-managed third-party services.  Such exceptions will not invite abuse.

Regards,
Douglas Otis
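
The policy lookup and alignment check discussed in this message, as an added example that is not part of the original post or of any DMARC implementation. It parses the yahoo.com record quoted above and evaluates a direct message, a list-forwarded message, and a From rewritten to ".invalid". Assumptions: the function names are hypothetical, the DNS_TXT dict stands in for DNS, org_domain() uses the last two labels instead of a public suffix list, and pct sampling and rua reporting are ignored.

```python
# Added example: DMARC policy lookup and identifier alignment.

# TXT data as quoted in the message, in zone-file form (semicolons escaped).
YAHOO_TXT = (r"v=DMARC1\; p=reject\; sp=none\; pct=100\; "
             r"rua=mailto:dmarc-yahoo-rua@yahoo-inc.com, mailto:dmarc_y_rua@yahoo.com\;")
# Constructed stand-in for DNS: only the record shown on the page exists.
DNS_TXT = {"_dmarc.yahoo.com": YAHOO_TXT}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not DMARC1."""
    tags = {}
    for part in txt.replace("\\;", ";").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None


def org_domain(domain):
    """Simplification: last two labels. Real code needs a public suffix list."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') matches org domains."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def evaluate(from_addr, spf_pass_domain=None, dkim_pass_domains=()):
    """Disposition for one message, keyed on the From header domain only."""
    from_domain = from_addr.rsplit("@", 1)[1].lower()
    txt, sub = DNS_TXT.get("_dmarc." + from_domain), False
    if txt is None and org_domain(from_domain) != from_domain:
        # No record at the exact domain: fall back to the organizational domain.
        txt, sub = DNS_TXT.get("_dmarc." + org_domain(from_domain)), True
    policy = parse_dmarc(txt) if txt else None
    if policy is None:
        return "no-policy"
    ok = spf_pass_domain is not None and aligned(
        spf_pass_domain, from_domain, policy.get("aspf", "r"))
    ok = ok or any(aligned(d, from_domain, policy.get("adkim", "r"))
                   for d in dkim_pass_domains)
    if ok:
        return "pass"
    p = policy.get("p", "none")
    return policy.get("sp", p) if sub else p  # sp= governs subdomains
```

A list that re-sends the message authenticates only as its own domain (ietf.org in the test cases), so the yahoo.com From fails alignment and gets "reject", while the ".invalid" rewrite finds no record at all.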