Re: DMARC and yahoo

Theodore Ts'o <> Wed, 16 April 2014 01:22 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 3DA2D1A0068 for <>; Tue, 15 Apr 2014 18:22:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.573
X-Spam-Status: No, score=-1.573 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, J_CHICKENPOX_16=0.6, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id S43JpDxGUYYJ for <>; Tue, 15 Apr 2014 18:22:10 -0700 (PDT)
Received: from ( [IPv6:2600:3c02::f03c:91ff:fe96:be03]) by (Postfix) with ESMTP id 3B1DE1A0034 for <>; Tue, 15 Apr 2014 18:22:10 -0700 (PDT)
Received: from root ( by with local-esmtp (Exim 4.80) (envelope-from <>) id 1WaEYA-0003y0-Vw; Wed, 16 Apr 2014 01:22:07 +0000
Received: by (Postfix, from userid 15806) id C7714580893; Tue, 15 Apr 2014 21:22:05 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=ef5046eb; t=1397611325; bh=XaaWVcSO7w7PAbqPckrmwCN915HZV1Us389V6hXVyqU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ZxfT5UJrj4vDjm2XtC/q3wVJTTa8Av/XC4yUVJAjkxtbGZ7G40JVSHeMGSuj3Vm6z EMl05evNZq5/vydhLB6kl/daV/B8cCIx6l73JBpQheWptMovzYYU4xG6L3PJzl+xn2 PPpk0CzpDXSHayGLnRTPq+UYUbB/PmG13EkGI1do=
Date: Tue, 15 Apr 2014 21:22:05 -0400
From: Theodore Ts'o <>
To: Doug Royer <>
Subject: Re: DMARC and yahoo
Message-ID: <>
References: <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Scanned: No (on; SAEximRunCond expanded to false
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 16 Apr 2014 01:22:14 -0000

On Tue, Apr 15, 2014 at 06:34:03PM -0600, Doug Royer wrote:
> Yahoo does not seem to require DMARK. Simply use one of the other two
> options. I use SPF for my domains, and it makes it through their systems
> just fine.

You seem to be confused about what the problem is.  It's not that
Yahoo is requiring DMARK.  The problem is that Yahoo is requesting
that *other* mailers reject mail if the From field is not aligned with
the Sender, and the From field is from

This means that if a sends a message to a list which
includes, and the mailing list server keeps the from
field as "".com", and sends the message to all of the mailing
list recipients, which includes, the following things will happen:

a) will compare the sender address (authenticated with
   SPF) with the from address (authenticated by DKIM), see that they
   are different, and since has a DEMARK p=reject, will bounce the mail.

b) this means will never see's mail

c) since the mailing list server receives a bounce from,
   if there are enough attempts from users to send mail to
   the mailing list, the number of bounces will cause the mailing list
   server to suspend or remove from the mailing

If we munge the from field from to, then will not bounce the mailing
list mail.  This means Alice will see Bob's message, and Alice will
not be in danger of getting suspended or dropped from the mailing list.

Alternatively, the mailing list server could determine the Bob is
sending his mail from a domain that has a DEMARK p=reject policy, and
simply bounce the mail back to Bob right away, instead of sending it
to the mailing list recipients.  That way, Bob's can get pursuaded to
use another mail provider, and Alice doesn't have to worry about
getting suspended from the mailing list.

Do you have another suggestion about what the mailing list server is
supposed to do?

						- Ted