On May 2, 2014, at 6:28 PM, Terry Zink <[email protected]> wrote:
> > Given that large email providers like Yahoo and AOL do publish p=reject > records, how is the rest of the email community going to deal mailing lists > and other legitimate cases that fail DMARC? It's not enough to say "Yahoo and > AOL shouldn't be doing it." That ship has sailed. The question now is what > can we do to improve user experience? Several answers have been proposed: > > 1. Do nothing and let domains that publish p=reject live with the consequences > 2. Don't permit domains with p=reject onto mailing lists > 3. Mailing lists should reformat the message to prevent DMARC failures > 4. Email receivers should be selective about how they enforce p=reject - send > it to Junk or even skip enforcing it from known good emailing lists > 5. Extend DMARC so that it supports mailing lists > 6. Something else? > > These each have their pros and cons but it seems to me that working to > support p=reject with mailing lists is a net benefit to everyone. > I find 3 totally unacceptable. It is Yahoo (and AOL)’s problem. They have pushed the expense and time of solving the phishing problem THEY created off onto ME as a listserv site manager. Other ISPs (even free ones) do not have a phishing problem. I’ve never gotten a phishing email from a gmail account. So there ARE solutions to the problem that do not break 30,000 list servers (using Yahoo’s numbers - I believe it is much higher). The cost is not inconsiderable. We have a stable listserv license, but have dropped maintenance. L-Soft HAS a fix of sorts, munging the FROM field, but it is only available for those on maintenance and those who upgrade to the current version. We operate a co-op server supporting not-for-profit organizations. Our annual operating budget is under $1,000. To upgrade to the latest version of listserv would cost us $10,000. The alternative is to switch to mailman. Once it has a viable solution (there are a few proposed solutions, none perfect, and none out of beta). This would require weeks of work by our volunteer staff to migrate and test all of our lists. Yahoo isn’t going to pay our costs to upgrade listserv, and isn’t going to pay for our volunteer’s time. Our current solution is to move all Yahoo and AOL list members to Moderated. When they post we ask them to switch to another ISP. Temporarily we will manually repost their messages. So essentially we have chosen 2. 4 would be appropriate; it is what Gmail, Verizon and a few others do. 5 would be ideal. the real problem is that too many ISPs do take p=reject as gospel: AT&T, SBCGlobal, Comcast, Hotmail, Rogers, AOL, Yahoo and any that piggy-back on these. best regards, Larry Site manager, HMSSurprise.org/portadmiral.org -- Larry Finch [email protected] _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
