On Tuesday, April 08, 2014 5:59 PM [GMT+1=CET], Tim Draegen wrote: > Just caught up to this thread. There is work underway to supply > patches to mailing list software so that mailing list operators can > do a push-button upgrade to interoperate with DMARC. > > The amount of abuse that Yahoo sees is incredible, and so I'm not > surprised that they finally had to shout out "enough!".
Probably Yahoo would have had much less abuse had they implemented plain-SPF years ago. Until a few days ago, when Yahoo set up DMARC for YAHOO.COM, they were running naked without the protection of SPF - they were only using DKIM, which does not convey policy to the receiver, whereas plain-SPF does. A lot of places are already rejecting email from Hotmail, Gmail, and other big players when a SPF check softfails on them, because 99.99999999% of those are phising/spam emails. You could not do the same with YAHOO.COM, as they did not have an SPF record up in DNS until a few days ago. So obviously phisers/spammers chose to feed on Yahoo, therefore Yahoo saw "an incredible amount of abuse". A clear case of NIH syndrome, if I ever saw one. And now that they finally publish SPF just to do DMARC, it seems they are not doing a good job either (nor following recommended practice of slowly scalating DMARC and checking the results in the process step by step). Regards, J.Gomez _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
