On Apr 10, 2014, at 9:21 AM, Al Iverson <[email protected]> wrote:
> On Thu, Apr 10, 2014 at 1:04 AM, Roland Turner > <[email protected]> wrote: > >> I am going to assume that Yahoo!'s email people haven't lost their minds and >> - despite the failure to give a heads up - actually did carefully assess the >> impact of the change before making it<snip> > <snip> > Here's another great example of a commercial discussion list provider > responded quickly to implement product changes that allow Yahoo users > to continue to participate in the lists they host: > http://onlinegroups.net/blog/2014/04/10/yahoo-dmarc-better-mailing-list-manager/ > > I bet we'll see lots more of this in the near future. And it's a welcome improvement over the status quo. Starting in January, my posts to one mailing list began to be refused because I publish a DMARC p=reject policy. I admit that I recklessly deployed DMARC, learning empirically exactly what the costs and benefits are. BENEFITS: The bounce messages I used to regularly receive from purported @tnpi.net senders ceased, primarily because 123.com enforces DMARC. The abusers of my domain name are mostly bots in China and their email attempts are rejected before stupid mail servers accept and then bounce them to me (backscatter). COSTS: One year later, I can't send emails to exactly two lists via that domain (one because of a technical block, the other out of respect for the list admins request). That's a cost I pay to prevent the abuse of my domain and the annoyance of backscatter in my inbox. The backscatter I used to get is now pushed onto list admins who get the bounces when they attempt to deliver a message whose DKIM signature they broke. While I'm not particularly delighted to foist that upon them (I too have been managing lists for *decades*), it seems a perfectly reasonable trade off. Domain owners shouldn't be required to tolerate abuse because recalcitrant list owners refuse to *slightly* change how their lists operate. ---------- In spite of the assertions by certain persons that DMARC is unsuitable for domains with human users, I have deployed it for a couple other domains which had persistent email abuse issues. Their abuse issues aren't phishing but rather identity sullying by politically motivated attackers who disagree with their stance on "way too liberal" policy issues. Publishing DMARC records for their domain hasn't stopped the attacks but it did slam the door shut on the email attack vector. Hundreds or thousands of empirical examples like mine would never sway the John Levine's to admit that DMARC is workable and even beneficial to small domain owners. But Yahoo! just did that for us. This move was likely motivated by the benefits Yahoo accrues but the changes they foist onto list admins also makes DMARC far less costly for Domain Owners with human users. Yahoo also paved the way for Google and Microsoft to deploy p=reject policies. Recalcitrant list operators who take the "Stop using Yahoo" tack will be wearing egg facials when that happens. Matt _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
