From: [email protected] [mailto:[email protected]] On Behalf Of Al Iverson Sent: Monday, April 07, 2014 12:58 PM To: [email protected] Subject: Re: [dmarc-discuss] Hey, Yahoo, you just broke my church mailing list
On Mon, Apr 7, 2014 at 10:38 AM, John R Levine <[email protected]<mailto:[email protected]>> wrote: As time goes - it is possible that more and more mail providers will switch to more strict policies and you'll end up telling your users over and over again to switch mail providers. This is starting to sound like a conspiracy of large mail providers to drive everyone else out of the business. Why does it always have to be a conspiracy? Mail providers are/will switch to stricter policies because they increasingly become targets of opportunity as other vectors (think Brands and their domains) have become increasingly locked down. While the exact timing may be a surprise, it should not be a surprise to anyone that at some point a major mailbox provider has implemented this type of email authentication on the sending side. It is a well known limitation of DMARC that there are some legitimate sending practices that it does not and cannot describe. Mailing lists are the leading example, but there are others like mail an article from a newspaper's web site. If Yahoo can't get this right, we're all in trouble. Why put all of the burden on Yahoo? If the newspaper site can't figure out how to mail an article without using the visitors email address (and yes, the sites I work for made this change in 2007 and it has been working fine since then) then perhaps the onus is on the newspaper site. This has been an issue since 2007 (think Storm Worm). I don't personally think we're all in trouble. I think if Yahoo sticks by this, I think mailing list managers can choose to roll with it by modifying what they put into the from address when distributing posts, or they can try to convince subscribers to move away from Yahoo. I think in this case mailing lists (that people subscribe to) are the tail and the dog consists of the small business people who are sending mail through 3rd parties using @yahoo.com addresses. I've certainly had to deal with a scenario similar to the latter in the past; when a certain blacklist operator went off the rails and spite listed all of my employer, I did have some success convincing subscribers to change to an email provider that didn't use that DNSBL, but it was a lot of work for little value. If I were dealing with this specific issue today, I'd probably just hack my MLM to do what I needed it to do, and maybe even look at coordinating with others to see about broader updates to how various MLM software packages work. I know you won't agree with this, but I wanted to point out that there's another point of view here. I guess I've worked at an ESP long enough to know that when you're not the big dog, sometimes you have to roll with what the big dog does, and just deal with it. Yahoo says I have to do X for what I want to work for their subscribers, so I do it. I think this sums it up from an ESP perspective. Stay tuned for details on the church mailing list. Perhaps threatening Yahoo with a place in purgatory might do the trick.
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
