On Apr 26, 2014, at 4:40 PM, Al Iverson <[email protected]> wrote:
> On Sat, Apr 26, 2014 at 6:12 PM, Steve Atkins <[email protected]> wrote: > >> 1. Causes no harm to end users at email providers who have not published >> DMARC p=reject records. >> >> 2. Complies with the spirit of the published policies of those who are >> publishing DMARC p=reject (loosely, that their users are not allowed to use >> email addresses in their domain for mail sent by third parties) >> >> That is to set up your mail system such that if you receive an email that >> you are going to resend (via a forward, or via a mailing list) and that >> email is from a domain that is publishing DMARC p=reject records, and you >> cannot *guarantee* that any DKIM signature on the inbound email will not be >> invalidated by the time the email reaches it's final recipient, you should >> reject that email. >> >> A simpler, and only marginally less accurate, approach to that is to reject >> all mail to mailing lists or forwarders from any domain that publishes DMARC >> p=reject. As of today, blocking that mail from a small fixed group of >> domains that are known to both publish DMARC p=reject and to have users who >> send 1:1 email will be just as good, and easier to set up. >> >> In order to mitigate your support overheads, the rejection should probably >> explain to the sender of the email that their ISP has put restrictions on >> their use of the email address and does not permit them to send email to the >> recipient they're trying to contact, and suggest they contact their ISP to >> have those restrictions removed. > > This really just leaves his customer stuck in the middle; he would be > setting it up to turn away people trying to mail his customer. It's a > fine solution for a hobbyist scenario where you can just go "screw > that, I don't want to deal with any of this," but if it's a case where > he has customers that he actually wants to keep, it's not very good > advice. The only recipient addresses it would affect would be mailing lists (and it would only affect a small subset of mail going through those). And you can't fix typical mailing lists 100% in any way that doesn't violate either (1) or (2) above. For the remaining fraction it's a perfectly reasonable business decision to go "Yahoo's published email policies are inconvenient to me, so I'm going to put things in my email headers so that I won't be caught by automated filters when I violate them. And that's OK.", but I don't think it's a particularly good thing for DMARC or email abuse mitigation Cheers, Steve _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
