On 6/3/14, 4:26 AM, "Stephen J. Turnbull" <step...@xemacs.org> wrote:
>Elizabeth Zwicky writes: > > > At this point, I do not see going to p=quarantine in the hope > > that attackers won't exploit data they already have exactly the same > > way > >Has Yahoo! has already tried 'p=quarantine', or is that merely your >expert opinion? (Nothing against expertise, but "experiment" beats >"expertise" 10 letters to 9 in my dictionary.) > >Obviously, there is a risk to Yahoo! in experimenting. That risk is not one my management team is willing to accept. But I do, in fact, have data, and that data tells me that the attackers forging our users based on stolen addressbooks have never stopped; we are still blocking them now. So I don't need to turn on p=quarantine to see what will happen -- I know at least one thing that will happen. The only question is how the volume will change. By the way, yahoo.co.jp is an independent company with a separate mail system and a separate account database. Elizabeth Zwicky zwi...@yahoo-inc.com _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc