On Wed 16 Apr 2014 09:40:11 PM PDT, Jim Popovitch wrote: > On Thu, Apr 17, 2014 at 12:19 AM, Private Sender <nob...@snovc.com> wrote: > >> On 04/14/2014 03:47 PM, Jim Popovitch wrote: >>> On Mon, Apr 14, 2014 at 6:21 PM, Scott Howard <sc...@doc.net.au> wrote: >>>> On Mon, Apr 14, 2014 at 2:59 PM, Jim Popovitch <jim...@gmail.com> >> wrote: >>>>> 7-April: Monday, Yahoo's dmarc change kicks everyone in the groin, the >>>>> last full week before the US tax filing deadline. >>>> >>>> The change was made on the previous Friday, so that date is largely >>>> irrelevant. >>>> >>>>> 7-April: OpenSSL's *public* advisory (after a full week of private >>>>> notifications, of which yahoo surely was one tech company in on the >>>>> early notifications) >>>> >>>> Given that many of their main services were vulnerable at the time of >> public >>>> disclosure, I think that's a very large assumption to make... >>>> >>>> If nothing else, I suspect the odds of it being known by the same people >>>> that made the DMARC decision/changes is low. >>> I think you are right on that, but that doesn't change the fact that >>> the sum of those things overburdened a lot of mailinglist operators. >>> It is what it is, and the press has covered it and mailinglists are >>> blocking/unsub'ing yahoo accounts in order to cope. >>> >>> -Jim P. >>> >> >> I'm sorry but is there a fundamental misunderstanding of dmarc going on >> in this thread? Yahoo doesn't want you to be able to send "@yahoo.com" >> email from anything other than THEIR servers which contain the private >> key that corresponds to their DKIM implementation, and conversely dmarc. >> "p=reject" tells the receiving domain to reject the message if it isn't >> signed by the private key that corresponds with the public key that is >> in the dkim txt record for "yahoo.com" >> >> Isn't this the whole point of dmarc? Stop spammers from sending email >> with "@yahoo.com" that doesn't originate from a valid yahoo email server. >> > > Yes, but @yahoo.com is a bad example because it delivers user originated > content. > > >> Yahoo's implementation of dmarc is working as intended. >> > > Are you also speaking for all yahoo uses when you declare that they should > no longer be able to participate on mailinglists? > > >> Stealing someones password, and logging into their yahoo mail account >> and spamming isn't going to matter to dmarc. The mail originated from >> yahoo, and it was an authenticated user; the mail will be signed with >> the DKIM key, it will be accepted by the receiving domain (unless the >> email address is blacklisted by the receiving domain). >> > > But, but, but.... Yahoo implemented DMARC to supposedly stop Spam...(which > ironically others have shown that a lot of spam originates from Yahoo > servers, but I digress) > > >> >> There is no need to flame a company because they implemented a policy to >> ensure QoS to their customers. Either push your mail through their >> servers, or Just find somewhere else you can push your mailing lists >> through. >> >> > LOL QoS, really? QoS to me, a yahoo account holder, would be less inbound > spam. > > -Jim P.
Well yeah inbound spam filtering would be nice. But they have refused to do anything about if for a better part of a decade. Sadly, they can't control mail originating from other domains (other than mail stating it's from yahoo). Is it possible yahoo doesn't understand how dmarc works? -- -- Bret Taylor