Lindsay Haisley writes:

> I've been working with the list admins of one of FMP's hosted lists and
> they've seen over 100 addresses unsubscribed from the usual suspects -
> yahoo.com, att.net, Comcast, etc., but no Gmail accounts and there are
> 228 of them on the list. Nonetheless, the PC World article [...]
> lists Gmail as being one of the cooperating email service providers
> honoring Yahoo's DMARC p=reject policy.

I wouldn't trust the popular press to be fully accurate. Even one test delivery failure would probably be counted as "honoring", and it's not obvious that you need to specifically test mailing lists, since DMARC doesn't explicitly allow treating different DMARC failures differently.

> I've been telling list admins to recommend that subscribers drop
> their Yahoo accounts in favor of Gmail.

That remains good policy AFAICT.

> What's the story here?

There are several possibilities. One is that DMARC doesn't define the semantics of "reject". (Why doesn't that surprise me?) Here's what they say:

    15.4. Rejecting Messages

    This proposal calls for rejection of a message during the SMTP
    session under certain circumstances. This is typically done in one
    of two ways:

    o  Full rejection, wherein the SMTP server issues a 5xy reply code
       as an indication to the SMTP client that the transaction failed;
       the SMTP client is then responsible for generating notification
       that delivery failed (see Section 4.2.5 of [SMTP]).

    o  A "silent discard", wherein the SMTP server returns a 2xy reply
       code implying to the client that delivery (or, at least, relay)
       was successfully completed, but then simply discarding the
       message with no further action.

    Each of these has a cost. For instance, a silent discard may
    prevent "backscatter" (the annoying generation of delivery failure
    reports, which go back to the RFC5321.MailFrom address, about
    messages that were fraudulently generated), but effectively means
    the SMTP server has to be programmed to give a false result, which
    can confound external debugging efforts.

A "silent discard" by Google is consistent with your observation, since no bounce would be generated. However, it is not consistent with Mark's experimental outcome.[1]

So apparently, at least in their implementation of DMARC, Google takes their "Don't Be Evil" slogan quite seriously.

It is clear to me that the "silent discard" method is the right way to handle a DMARC p=reject policy.
Although the receiving MTA is "giving a false result" in some sense, in fact the DMARC-using domain can request a specific failure report which will enable the domain to determine why non-delivery occurred despite an SMTP success. If they don't request such a report, too bad for their users.

Note that the "annoyance" mentioned in the 4th paragraph includes denial of service to completely innocent third parties, i.e., the DMARC-triggered unsubscribes that have been observed.

Footnotes:
[1] His message arrived while I was composing this one.
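
The following is an added example, not part of the original message and not Mailman's own code. It models the two rejection styles quoted from section 15.4 and shows why only subscribers at receivers that issue a 5xy reply get unsubscribed by bounce scoring. The domain names, the one-point-per-post scoring and the threshold of 5 are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Constructed receiver behaviour for mail failing DMARC under p=reject:
# "reject" = 5xy reply in-session, "discard" = 2xy reply, message dropped.
RECEIVER_MODE = {"yahoo.example": "reject", "isp.example": "reject",
                 "silent.example": "discard"}

def parse_dmarc_policy(txt):
    """Return the p= tag of a DMARC TXT record, or None if it is not DMARC."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if tags.get("v") != "DMARC1":
        return None
    return tags.get("p", "").lower() or None

def smtp_reply(rcpt_domain, policy, aligned):
    """Return (reply code seen by the list server, message actually delivered)."""
    if aligned or policy != "reject":
        return 250, True
    if RECEIVER_MODE[rcpt_domain] == "reject":
        return 550, False   # full rejection: the list server logs a bounce
    return 250, False       # silent discard: indistinguishable from success

@dataclass
class ListServer:
    members: set
    threshold: float = 5.0  # assumed bounce-score limit before unsubscribing
    scores: dict = field(default_factory=dict)

    def distribute(self, policy, aligned=False):
        """Send one post; return (addresses unsubscribed, addresses that lost it)."""
        lost = set()
        for addr in sorted(self.members):
            code, delivered = smtp_reply(addr.split("@")[1], policy, aligned)
            if code >= 500:
                self.scores[addr] = self.scores.get(addr, 0.0) + 1.0
            if not delivered:
                lost.add(addr)
        removed = {a for a in self.members
                   if self.scores.get(a, 0.0) >= self.threshold}
        self.members -= removed
        return removed, lost

def simulate(posts=5):
    """Relay `posts` messages from an author whose domain publishes p=reject."""
    policy = parse_dmarc_policy("v=DMARC1; p=reject; pct=100")  # constructed
    srv = ListServer({"a@yahoo.example", "b@isp.example", "c@silent.example"})
    removed, lost = set(), set()
    for _ in range(posts):
        newly_removed, lost = srv.distribute(policy)
        removed |= newly_removed
    return removed, srv.members, lost
```

In this model the subscriber at the silently discarding receiver stays on the list but still never receives the post, which matches the "no bounce would be generated" case described in the message.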