[Mailman-Users] non-subscribers getting through--email address in "Real Name"
gtaylor at tnetconsulting.net
Tue Jul 24 20:20:59 EDT 2018
On 07/24/2018 03:16 PM, John Levine wrote:
> Turning it on for aol.com, yahoo.com, and other domains with user
So, are you stating that DMARC should NOT be used on domains that
(predominantly) contain end user mailboxes?
> to outsource the pain of the spam they were getting
I'm not completely following you. Are you referring to filtering of
inbound email that AOL / Yahoo / etc. were having to do? If so, I don't
see how publishing DMARC effects that. (I assume that they did not need
to publish records to enhance filtering email from themselves.) Or are
you referring to "the pain" as being the push back / flack from the rest
of the email industry for spoofed messages purporting to be from AOL /
Yahoo / etc?
> due to letting user address books be stolen.
I don't know about AOL's security posture, but I do have a little idea
about how bad Yahoo's was. - I still don't know that I would say that
they allowed it, as in welcomed it.
IMHO it has been trivial to harvest email addresses for a LONG time. As
such, I think that address books are simply a convenient list and not
strictly related. Please correct me if I'm wrong.
> Right, thereby causing a great deal of entirely legitimate mail that
> DMARC cannot describe to go missing, along with a certain amount of spam.
"legitimate mail that DMARC cannot describe" That sounds distinctly
like a problem with the DMARC specification, /not/ with use there of.
Aside: The (relatively?) recent conversion from analog TV to digital TV
broadcasting in the US comes to mind.
I feel like DMARC requires a paradigm shift in how email is forwarded
and handled by mailing lists. (I'm sure there are some other uses that
I'm forgetting.) Much like the aforementioned conversion from analog TV
to digital TV.
Or similarly the requirement for reverse DNS for mail servers. Personal
opinions aside, it seems as if the email industry has decided that
requiring reverse DNS is a mostly good thing. Or that the good
(slightly) outweighs the bad.
> We've been cleaning up their mess ever since.
I question if the mess is /really/ AOL's or Yahoo's doing, or if instead
the problem was really related to (what I'm going to describe as) a
questionable way of operating that we now must change to play well with
> Yes, they explicitly decided that the costs they imposed on innocent
> bystanders were Not Their Problem.
Please elaborate on what "the cost" is and entails. Are you referring
to anything more than the fallout of not being able to (easily) forward
email in a DMARC compliant manner?
I suspect "imposed on innocent bystanders" and "not their problem" can
also be used to describe requiring reverse DNS, SPF, and DKIM.
Grant. . . .
unix || die
More information about the Mailman-Users