Re: DMARC and yahoo

Theodore Ts'o <tytso@mit.edu> Wed, 16 April 2014 01:22 UTC

Date: Tue, 15 Apr 2014 21:22:05 -0400
From: Theodore Ts'o <tytso@mit.edu>
To: Doug Royer <douglasroyer@gmail.com>
Subject: Re: DMARC and yahoo
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/iIJxAoRp_GM4vTjNGeonVnKv1Ic
Cc: ietf@ietf.org

On Tue, Apr 15, 2014 at 06:34:03PM -0600, Doug Royer wrote:
> Yahoo does not seem to require DMARC. Simply use one of the other two
> options. I use SPF for my domains, and it makes it through their systems
> just fine.

You seem to be confused about what the problem is.  It's not that
Yahoo is requiring DMARC.  The problem is that Yahoo is requesting
that *other* mailers reject mail if the From field is not aligned with
the Sender, and the From field is from yahoo.com.

This means that if a bob@yahoo.com sends a message to a list which
includes alice@hotmail.com, and the mailing list server keeps the from
field as "bob@yahoo.com", and sends the message to all of the mailing
list recipients, which includes alice@hotmail.com, the following
things will happen:

a) hotmail.com will compare the sender address (authenticated with
   SPF) with the from address (authenticated by DKIM), see that they
   are different, and since yahoo.com has a DMARC p=reject,
   hotmail.com will bounce the mail.

b) this means alice@hotmail.com will never see bob@yahoo.com's mail

c) since the mailing list server receives a bounce from hotmail.com,
   if there are enough attempts from yahoo.com users to send mail to
   the mailing list, the number of bounces will cause the mailing list
   server to suspend or remove alice@hotmail.com from the mailing
   list.

If we munge the from field from bob@yahoo.com to
bob@yahoo.com.INVALID, then hotmail.com will not bounce the mailing
list mail.  This means Alice will see Bob's message, and Alice will
not be in danger of getting suspended or dropped from the mailing list.

Alternatively, the mailing list server could determine that Bob is
sending his mail from a domain that has a DMARC p=reject policy, and
simply bounce the mail back to Bob right away, instead of sending it
to the mailing list recipients.  That way, Bob can get persuaded to
use another mail provider, and Alice doesn't have to worry about
getting suspended from the mailing list.


Do you have another suggestion about what the mailing list server is
supposed to do?

						- Ted
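
The two list-side options described in the message above (rewrite the From address to end in .INVALID, or bounce the post back to the sender), as an added Python example that is not part of the original message or of any mailing list software. The TXT records and the sample post are constructed, dmarc_policy and handle_post are hypothetical names, and the sketch checks only the exact From domain without doing a live DNS lookup.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# Constructed sample data standing in for DNS TXT lookups at _dmarc.<domain>.
SAMPLE_TXT = {
    "_dmarc.yahoo.com": "v=DMARC1; p=reject; pct=100",
    "_dmarc.example.org": "v=DMARC1; p=none",
}

# Constructed sample list submission.
SAMPLE_POST = (
    "From: Bob <bob@yahoo.com>\n"
    "To: list@lists.example.net\n"
    "Subject: hello\n"
    "\n"
    "Hi all\n"
)

def dmarc_policy(domain, txt=SAMPLE_TXT):
    """Return the p= value published for domain, or None if there is no record."""
    record = txt.get("_dmarc." + domain.lower())
    if not record:
        return None
    # A DMARC record is a ';'-separated list of tag=value pairs.
    tags = {}
    for part in record.split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    return tags.get("p", "").lower() or None

def handle_post(raw, mode="munge", txt=SAMPLE_TXT):
    """Return (action, message); action is "forward", "munged" or "bounce"."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    if dmarc_policy(domain, txt) != "reject":
        return "forward", msg              # no p=reject: relay unchanged
    if mode == "bounce":
        return "bounce", None              # refuse at submission, back to the poster
    # Munge: the From domain no longer matches the p=reject domain,
    # so receivers do not apply that domain's policy to the list copy.
    msg.replace_header("From", formataddr((name, addr + ".INVALID")))
    return "munged", msg
```
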