Jim Popovitch writes: > On Thu, Jun 12, 2014 at 10:18 AM, John Levine <[email protected]> wrote: > > > * Forwarding signature > > It seems to me that a non-DMARC subdomain, for users, would be easier and > better for all..
No, the mailbox providers already can do that and it's not because they were caught with their shorts down that they didn't. They really really mean "p=reject" for users. A senior admin at Yahoo! was very clear on damrc@ietf that they want their vanilla users covered by "p=reject" because the threat model (which is not phishing, it's "recommended by friend" spam) involves user mailboxes. She also said that (as of a week ago) the attack based on stolen contact lists was continuing to flood their incoming MXes, despite over a month of "p=reject" (contrary to AOL's claims that "p=reject" stopped the attack). No explanation has been given why the spammers are continuing to spend their resources on the attack. > > * Submit and sign > > > > Oh god, NO! Oh, c'mon, Jim. This is just the evil kind of thing we *want* to do to AOL! _______________________________________________ Mailman-Developers mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
