nanog mailing list archives
Re: Bounce action notifications - NANOG mailing list changes yahoo.com users
From: Steve Atkins <steve () blighty com>
Date: Fri, 10 Oct 2014 09:53:56 -0700
On Oct 10, 2014, at 9:21 AM, Royce Williams <royce () techsolvency com> wrote:
On Fri, Oct 10, 2014 at 7:31 AM, Steve Atkins <steve () blighty com> wrote:If your domain publishes p=reject it should not have any users that participate in mailing lists.Like many, I was pretty unhappy (and busy) with the unilateral changes made by Yahoo and AOL. But this understandable stance may change. Neither of these domains is known for being heavily saturated with geeks. If Gmail started using p=reject, that might shake the tree a little more. But other than providing more warning, what would have been a better way to start eliminating forged senders? Everything I've read indicates that both Yahoo and AOL did this with eyes wide open. Assuming that eliminating forged senders is the end goal, maybe forcing the issue was the only way to move forward? What other theory about their motivation makes sense?
I'm fairly sure that their motivation wasn't anything like that clearly thought through - but their motivation doesn't really matter. Mailing list operators are stuck in the middle, and they have three reasonable choices. One is to rework their mail systems to selectively (or unselectively) replace the From: field. That's a lot of work, and makes the mailing list less usable for all users. (There's discussion in the DMARC IETF groups about redefining 5322 so as to put what is currently in the Sender: field into the From: field and creating a new field, that wouldn't be visible to the user, to contain what is currently in the From: field). Another is to be very, very careful about not breaking DKIM signatures on list mail. That's difficult because the things you have to do or not do change depending on how the submitted mail is signed (and Yahoo in particular have made some signing choices that make it particularly hard). The third option is to reject submissions from domains that publish p=reject (or, probably, p=quarantine), pushing the customer support costs onto those who are publishing p=reject records for users that participate in mailing lists. Cheers, Steve
Current thread:
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users, (continued)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Rich Kulawiec (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Randy Bush (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Christopher Morrow (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Randy Bush (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Michael Thomas (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Suresh Ramasubramanian (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Rich Kulawiec (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Randy Bush (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Rich Kulawiec (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Steve Atkins (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Royce Williams (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Jim Popovitch (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users Steve Atkins (Oct 10)
- Re: Bounce action notifications - NANOG mailing list changes yahoo.com users John Levine (Oct 10)