> -----Original Message----- > From: John Levine [mailto:[email protected]] > Sent: Monday, April 07, 2014 2:07 PM > To: [email protected] > Cc: MH Michael Hammer (5304) > Subject: Re: [dmarc-discuss] Hey, Yahoo, you just broke my church mailing > list > > >Why put all of the burden on Yahoo? If the newspaper site can't figure > >out how to mail an article without using the visitors email address > >(and yes, the sites I work for made this change in 2007 and it has been > >working fine since > >then) then perhaps the onus is on the newspaper site. This has been an > issue since 2007 (think Storm Worm). > > Dunno what newspapers you read, but the Wall Street Journal and New York > Times among others put the user's address on the From: line. > Again, that is not a bug. That is how e-mail is supposed to work. >
That is an implementation choice John, not "That is how e-mail is supposed to work". Having open mail relays used to be considered acceptable. Then some folks decided that they weren't going to accept mail from hosts that were open mail relays, regardless of whether those hosts also sent legitimate email. There are other ways of implementing which do not involve putting the user's email address on the From: line. As I put it to my management when the issue first came up (lo these many years ago = 2004): Which do you prefer, to make these changes on our own initiative and on our own timeline or under the gun because some major site decides to implement stronger email authentication practices and it wrecks our implementation practices? What you are claiming is that Yahoo (or any other domain) does not have the right to determine the use of their domain. While I believe that Yahoo could have done a better job of providing warning that the change was coming, it is ultimately their decision as to what they implement and how they implement it. > Re the conspiracy angle, I saw bounces from Gmail, Hotmail, Yahoo, Comcast, > and nobody else. Draw your own conclusions. > I conclude that you need an upgraded tinfoil hat. Hotmail, Gmail, Yahoo and Comcast (among others) respect DMARC policy and implement local policy overrides using their individual secret sauces. This is no secret and hasn't been since DMARC was first announced 2+ years ago (although Comcast implemented validation more recently). So my conclusion is that your church mailing list didn't make the cut for local policy overrides at any of those providers (and probably others). While that is unfortunate I don't conclude anything meaningful from your assertion. > R's, > John _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
