Vlatko -

On 4/17/14 11:32 AM, Vlatko Salaj wrote:
[ snip ]
> so, my domain-email sent from yahoo mail isn't aligned. however, it is
> legitimate, it is DKIM-signed and it has proper SPF.
>
> out of my 15 small-business customers, 12 use exactly this usage scenario.
> usually google. and when i said it would be a problem, that was not the best
> way, trying to force them to send mail through their own server, they didn't
> want to hear it.
>
> and i imagine, it is a pretty common practice in the wild for small players.
>

I see your use case, and why the alignment issue is problematic. And you've prompted me to wonder if we need to layer in the concept of "authorized use" in addition to how we've been talking about technical email authentication.

In this flow, your email is authenticating with SPF and DKIM, but you're running into an issue where Yahoo no longer authorizes their domain to be used in that flow.

To start, we need to agree that a domain owner is permitted to authorize how its domain can be used. Then, when a domain owner publishes a DMARC record, they're announcing to the world that their domain can only be used to send email in a specific way (i.e. "aligned"). It's this concept of authorized use that we may be missing in the conversation.

Heavily abused domain owners have empirical evidence to prove that alignment is a key factor to blocking spoofed domain abuse. And they are now in a position to authorize those methods they determined to be less susceptible to abuse. That's not to say that other uses are invalid, just that they fall outside what the domain owner is authorizing.

And, in the use cases you're suggesting, it sounds like mailbox providers such as Yahoo are telling the world, "Due to being heavily abused, we are no longer authorizing the practice of using our domains in that way."

I'm not sure that gets us closer to a workable solution, but perhaps the shift in perception helps shake loose some ideas.

HTH,
Trent

--
J. Trent Adams

Profile: http://www.mediaslate.org/jtrentadams/
LinkedIN: http://www.linkedin.com/in/jtrentadams
Twitter: http://twitter.com/jtrentadams
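
The alignment failure discussed in this message can be reproduced with a small evaluator. This is an added example, not part of the original post or of any DMARC implementation; the domains (smallbiz.example, webmail.example), the `Message` fields and the miniature suffix set are assumptions made for illustration.

```python
# Added illustration: DMARC identifier alignment. All domains are constructed.
from dataclasses import dataclass

# Tiny stand-in for the Public Suffix List (assumption: real code loads the full PSL).
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

def org_domain(domain: str) -> str:
    """Organizational domain: the longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):            # i = 0 tries the longest candidate first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])            # fallback: treat the last label as the suffix

def aligned(from_domain: str, auth_domain: str, strict: bool = False) -> bool:
    """Strict mode needs an exact match; relaxed mode compares organizational domains."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if strict else org_domain(a) == org_domain(b)

@dataclass
class Message:
    header_from: str   # domain in the visible From: header
    spf_domain: str    # envelope sender (MAIL FROM) domain that SPF checked
    spf_pass: bool
    dkim_domain: str   # d= value of the DKIM signature
    dkim_pass: bool

def dmarc_evaluate(msg: Message, aspf_strict: bool = False, adkim_strict: bool = False) -> dict:
    """DMARC passes when at least one mechanism both passes and is aligned with From:."""
    spf_ok = msg.spf_pass and aligned(msg.header_from, msg.spf_domain, aspf_strict)
    dkim_ok = msg.dkim_pass and aligned(msg.header_from, msg.dkim_domain, adkim_strict)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}

# Constructed case 1: own-domain From: sent through a webmail provider. SPF and
# DKIM both pass, but for the provider's domain, so neither is aligned.
via_webmail = Message("smallbiz.example", "bounce.webmail.example", True,
                      "webmail.example", True)
# Constructed case 2: the same From: sent through the domain's own server.
via_own_server = Message("smallbiz.example", "mail.smallbiz.example", True,
                         "smallbiz.example", True)

if __name__ == "__main__":
    print("via webmail:   ", dmarc_evaluate(via_webmail))
    print("via own server:", dmarc_evaluate(via_own_server))
    print("own server, strict SPF:", dmarc_evaluate(via_own_server, aspf_strict=True))
```
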
