As time goes - it is possible that more and more mail providers will switch to more strict policies and you'll end up telling your users over and over again to switch mail providers.
This is starting to sound like a conspiracy of large mail providers to drive everyone else out of the business.
It is a well known limitation of DMARC that there are some legitimate sending practices that it does not and cannot describe. Mailing lists are the leading example, but there are others like mail an article from a newspaper's web site. If Yahoo can't get this right, we're all in trouble.
R's, John
2014-04-07 16:54 GMT+02:00 John R Levine <[email protected]>:I arrived to a blizzard of bounce messages this morning from my church's discussion list, from Gmail, Hotmail/MSN/Outlook, Yahoo, and Comcast. A little poking around with strong hints from the rejection messages revealed that it was for a message from a member who uses a yahoo.com address, and the problem was that someone at Yahoo decided to improve Yahoo mail's security by publishing DMARC p=reject, leading to the exact problem I've been warning about for a year. Some people claimed that list rejections are not a problem, since large mail systems all have whitelists of mailing list servers. Unfortunately, we now know that is not true. My lists come from a dedicated IP that has been sending nothing but squeaky clean list mail for many years. (It's listmail.iecc.com, 64.57.183.54 and 2001:470:1f07:1126:0:62:6c61:7374, and I'm getting both v4 and v6 bounces.) This is the same host that sends list mail from CAUCE and a bunch of other innocuous well behaved lists. If it's not whitelisted, nothing is whitelisted. All church list mail has DKIM signatures from the list domain, unitarian.ithaca.ny, and the list software, lists.iecc.com. The lists add subject tags and message footers, which of course break the signatures, and that's not going to change, because it's useful. The SPF is reasonable for the list's bounce addresses. I will, of course, be urgently telling all of my Yahoo subscribers that they need to switch to a different mail provider ASAP, but this is a dismaying self-inflicted wound.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
