On 07/24/2018 05:20 PM, Grant Taylor via Mailman-Users wrote: > On 07/24/2018 03:16 PM, John Levine wrote: >> Turning it on for aol.com, yahoo.com, and other domains with user >> mailboxes, > > So, are you stating that DMARC should NOT be used on domains that > (predominantly) contain end user mailboxes?
Many of us believe that DMARC was developed for domains such as financial institutions and others in order to combat phishing attacks. The developers of the DMARC standard never intended it to be used by domains that provide email addresses for personal use. >> to outsource the pain of the spam they were getting > > I'm not completely following you. Are you referring to filtering of > inbound email that AOL / Yahoo / etc. were having to do? If so, I don't > see how publishing DMARC effects that. (I assume that they did not need > to publish records to enhance filtering email from themselves.) Or are > you referring to "the pain" as being the push back / flack from the rest > of the email industry for spoofed messages purporting to be from AOL / > Yahoo / etc? The stolen address books were used to send phishing emails purportedly from the owner of the address book the the addresses in the book. I.e., a message From: a_known_fri...@yahoo.com saying things look at this great thing I found and a URL to evilsite.com. > IMHO it has been trivial to harvest email addresses for a LONG time. As > such, I think that address books are simply a convenient list and not > strictly related. Please correct me if I'm wrong. Trivial to harvest addresses, but not trivial to know a known associate to send the mail From:. > Please elaborate on what "the cost" is and entails. Are you referring > to anything more than the fallout of not being able to (easily) forward > email in a DMARC compliant manner? > > I suspect "imposed on innocent bystanders" and "not their problem" can > also be used to describe requiring reverse DNS, SPF, and DKIM. In this context, the innocents are subscribers to mailing lists who find themselves unsubscribed by bounce processing because their ISPs reject list posts From: other_us...@yahoo.com and the operators of those mailing lists. Of course, you seem to feel that these lists were wrong from the beginning for not claiming authorship of the posts by replacing the From: header, but at the time, this wasn't even an option for most lists. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
