Jim Popovitch writes:
On Thu, Jun 12, 2014 at 10:18 AM, John Levine <johnl@taugh.com> wrote:
- Forwarding signature
It seems to me that a non-DMARC subdomain, for users, would be easier and better for all..
No, the mailbox providers already can do that and it's not because they were caught with their shorts down that they didn't. They really really mean "p=reject" for users. A senior admin at Yahoo! was very clear on damrc@ietf that they want their vanilla users covered by "p=reject" because the threat model (which is not phishing, it's "recommended by friend" spam) involves user mailboxes.
She also said that (as of a week ago) the attack based on stolen contact lists was continuing to flood their incoming MXes, despite over a month of "p=reject" (contrary to AOL's claims that "p=reject" stopped the attack). No explanation has been given why the spammers are continuing to spend their resources on the attack.
- Submit and sign
Oh god, NO!
Oh, c'mon, Jim. This is just the evil kind of thing we *want* to do to AOL!