On Thu, Apr 17, 2014 at 12:19 AM, Private Sender <nob...@snovc.com> wrote:
> On 04/14/2014 03:47 PM, Jim Popovitch wrote: > > On Mon, Apr 14, 2014 at 6:21 PM, Scott Howard <sc...@doc.net.au> wrote: > >> On Mon, Apr 14, 2014 at 2:59 PM, Jim Popovitch <jim...@gmail.com> > wrote: > >>> 7-April: Monday, Yahoo's dmarc change kicks everyone in the groin, the > >>> last full week before the US tax filing deadline. > >> > >> The change was made on the previous Friday, so that date is largely > >> irrelevant. > >> > >>> 7-April: OpenSSL's *public* advisory (after a full week of private > >>> notifications, of which yahoo surely was one tech company in on the > >>> early notifications) > >> > >> Given that many of their main services were vulnerable at the time of > public > >> disclosure, I think that's a very large assumption to make... > >> > >> If nothing else, I suspect the odds of it being known by the same people > >> that made the DMARC decision/changes is low. > > I think you are right on that, but that doesn't change the fact that > > the sum of those things overburdened a lot of mailinglist operators. > > It is what it is, and the press has covered it and mailinglists are > > blocking/unsub'ing yahoo accounts in order to cope. > > > > -Jim P. > > > > I'm sorry but is there a fundamental misunderstanding of dmarc going on > in this thread? Yahoo doesn't want you to be able to send "@yahoo.com" > email from anything other than THEIR servers which contain the private > key that corresponds to their DKIM implementation, and conversely dmarc. > "p=reject" tells the receiving domain to reject the message if it isn't > signed by the private key that corresponds with the public key that is > in the dkim txt record for "yahoo.com" > > Isn't this the whole point of dmarc? Stop spammers from sending email > with "@yahoo.com" that doesn't originate from a valid yahoo email server. > Yes, but @yahoo.com is a bad example because it delivers user originated content. > Yahoo's implementation of dmarc is working as intended. > Are you also speaking for all yahoo uses when you declare that they should no longer be able to participate on mailinglists? > Stealing someones password, and logging into their yahoo mail account > and spamming isn't going to matter to dmarc. The mail originated from > yahoo, and it was an authenticated user; the mail will be signed with > the DKIM key, it will be accepted by the receiving domain (unless the > email address is blacklisted by the receiving domain). > But, but, but.... Yahoo implemented DMARC to supposedly stop Spam...(which ironically others have shown that a lot of spam originates from Yahoo servers, but I digress) > > There is no need to flame a company because they implemented a policy to > ensure QoS to their customers. Either push your mail through their > servers, or Just find somewhere else you can push your mailing lists > through. > > LOL QoS, really? QoS to me, a yahoo account holder, would be less inbound spam. -Jim P.