Re: DMARC -> CERT?

[Jim Popovitch <jimpop () gmail com>]

On Mon, Apr 14, 2014 at 6:21 PM, Scott Howard <scott () doc net au> wrote:
> On Mon, Apr 14, 2014 at 2:59 PM, Jim Popovitch <jimpop () gmail com> wrote:
> > 7-April: Monday, Yahoo's dmarc change kicks everyone in the groin, the
> > last full week before the US tax filing deadline.
>
>
> The change was made on the previous Friday, so that date is largely
> irrelevant.
>
> > 7-April: OpenSSL's *public* advisory (after a full week of private
> > notifications, of which yahoo surely was one tech company in on the
> > early notifications)
>
>
> Given that many of their main services were vulnerable at the time of public
> disclosure, I think that's a very large assumption to make...
>
> If nothing else, I suspect the odds of it being known by the same people
> that made the DMARC decision/changes is low.

I think you are right on that, but that doesn't change the fact that
the sum of those things overburdened a lot of mailinglist operators.
It is what it is, and the press has covered it and mailinglists are
blocking/unsub'ing yahoo accounts in order to cope.

-Jim P.