DMARC -> CERT?

Jim Popovitch jimpop at gmail.com
Thu Apr 17 04:40:11 UTC 2014


On Thu, Apr 17, 2014 at 12:19 AM, Private Sender <nobody at snovc.com> wrote:

> On 04/14/2014 03:47 PM, Jim Popovitch wrote:
> > On Mon, Apr 14, 2014 at 6:21 PM, Scott Howard <scott at doc.net.au> wrote:
> >> On Mon, Apr 14, 2014 at 2:59 PM, Jim Popovitch <jimpop at gmail.com> wrote:
> >>> 7-April: Monday, Yahoo's dmarc change kicks everyone in the groin, the
> >>> last full week before the US tax filing deadline.
> >>
> >> The change was made on the previous Friday, so that date is largely
> >> irrelevant.
> >>
> >>> 7-April: OpenSSL's *public* advisory (after a full week of private
> >>> notifications, of which yahoo surely was one tech company in on the
> >>> early notifications)
> >>
> >> Given that many of their main services were vulnerable at the time of
> >> public disclosure, I think that's a very large assumption to make...
> >>
> >> If nothing else, I suspect the odds of it being known by the same people
> >> that made the DMARC decision/changes is low.
> > I think you are right on that, but that doesn't change the fact that
> > the sum of those things overburdened a lot of mailinglist operators.
> > It is what it is, and the press has covered it and mailinglists are
> > blocking/unsub'ing yahoo accounts in order to cope.
> >
> > -Jim P.
> >
>
> I'm sorry but is there a fundamental misunderstanding of dmarc going on
> in this thread? Yahoo doesn't want you to be able to send "@yahoo.com"
> email from anything other than THEIR servers which contain the private
> key that corresponds to their DKIM implementation, and conversely dmarc.
> "p=reject" tells the receiving domain to reject the message if it isn't
> signed by the private key that corresponds with the public key that is
> in the dkim txt record for "yahoo.com"
>
> Isn't this the whole point of dmarc? Stop spammers from sending email
> with "@yahoo.com" that doesn't originate from a valid yahoo email server.
>

Yes, but @yahoo.com is a bad example because it delivers user originated
content.


> Yahoo's implementation of dmarc is working as intended.
>

Are you also speaking for all yahoo users when you declare that they should
no longer be able to participate on mailinglists?


> Stealing someone's password, and logging into their yahoo mail account
> and spamming isn't going to matter to dmarc. The mail originated from
> yahoo, and it was an authenticated user; the mail will be signed with
> the DKIM key, it will be accepted by the receiving domain (unless the
> email address is blacklisted by the receiving domain).
>

But, but, but.... Yahoo implemented DMARC to supposedly stop Spam...(which
ironically others have shown that a lot of spam originates from Yahoo
servers, but I digress)


>
> There is no need to flame a company because they implemented a policy to
> ensure QoS to their customers. Either push your mail through their
> servers, or just find somewhere else you can push your mailing lists
> through.
>
>
LOL QoS, really?   QoS to me, a yahoo account holder, would be less inbound
spam.

-Jim P.
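
The DMARC check this thread argues about, as an added example that is not part of the original message: a receiver applies the From domain's published policy unless SPF or DKIM passes for a domain aligned with it. The record text beyond `p=reject`, the list host `lists.example.org`, the function names and the authentication results are constructed assumptions.

```python
# Added illustration: simplified DMARC disposition logic (no DNS lookups, no crypto).

def parse_dmarc(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject' into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def aligned(auth_domain, from_domain):
    """Relaxed alignment, simplified to 'same domain or subdomain of From'.
    Real receivers compare organizational domains via the Public Suffix List."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f or a.endswith("." + f)

def evaluate(record, from_domain, spf, dkim):
    """spf/dkim are (result, domain) pairs as an upstream verifier reports them.
    Returns 'pass', or the published policy (none/quarantine/reject) on failure."""
    policy = parse_dmarc(record).get("p", "none")
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain)
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain)
    return "pass" if (spf_ok or dkim_ok) else policy  # one aligned pass suffices

RECORD = "v=DMARC1; p=reject"  # constructed; only p=reject comes from the thread

# Constructed authentication results for mail with From: user@yahoo.com
SCENARIOS = {
    # Sent through Yahoo's own servers.
    "direct": (("pass", "yahoo.com"), ("pass", "yahoo.com")),
    # List resends with its own envelope sender; a footer breaks Yahoo's signature.
    "list_footer": (("pass", "lists.example.org"), ("fail", "yahoo.com")),
    # List also adds its own valid DKIM signature: passes, but is not aligned.
    "list_resigned": (("pass", "lists.example.org"), ("pass", "lists.example.org")),
    # Stolen password: mail is sent through Yahoo like any legitimate message.
    "stolen_password": (("pass", "yahoo.com"), ("pass", "yahoo.com")),
}

def run_all():
    return {name: evaluate(RECORD, "yahoo.com", spf, dkim)
            for name, (spf, dkim) in SCENARIOS.items()}

if __name__ == "__main__":
    for name, verdict in run_all().items():
        print(f"{name:16} -> {verdict}")
```

Both list scenarios end in `reject` while the stolen-password case passes, which is the mailing-list breakage and the compromised-account limitation raised in the exchange above.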


