On 6/3/14, 4:26 AM, "Stephen J. Turnbull" <step...@xemacs.org> wrote:
>Elizabeth Zwicky writes:
>
> > At this point, I do not see going to p=quarantine in the hope
> > that attackers won't exploit data they already have exactly the same
> > way
>
>Has Yahoo! has already tried 'p=quarantine', or is that merely your
>expert opinion? (Nothing against expertise, but "experiment" beats
>"expertise" 10 letters to 9 in my dictionary.)
>
>Obviously, there is a risk to Yahoo! in experimenting.
That risk is not one my management team is willing to accept.
But I do, in fact, have data, and that data tells me that the attackers
forging our users based on stolen addressbooks have never stopped; we are
still blocking them now. So I don't need to turn on p=quarantine to see
what will happen -- I know at least one thing that will happen. The only
question is how the volume will change.
By the way, yahoo.co.jp is an independent company with a separate mail
system and a separate account database.
Elizabeth Zwicky
zwi...@yahoo-inc.com
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
