In article <78baab65-f7d3-ce56-bc36-a16a15118...@spamtrap.tnetconsulting.net> you write: >> If AOL and Yahoo just used the quarantine option for DMARC, it wouldn’t >> have been quite as bad. But they ABUSED DMARC by their settings. > >I still don't grok what you are considering "abuse" in this context? > >Rather than speculating, please clarify what the abusive activity was.
Turning it on for aol.com, yahoo.com, and other domains with user mailboxes, to outsource the pain of the spam they were getting due to letting user address books be stolen. >My understanding is that AOL and Yahoo leveraged DMARC to expressly >identify messages that originated from AOL and Yahoo. Or said another >way, they leveraged DMARC to make it easy for receiving servers to >identify messages that are not being sent from AOL or Yahoo servers >/during/ that current SMTP transaction. Right, thereby causing a great deal of entirely legitimate mail that DMARC cannot describe to go missing, along with a certain amount of spam. We've been cleaning up their mess ever since. R's, John PS: >Did they do so knowing that there would likely be a problem with >traditional .forward(ing) and mailing lists? Quite likely. Was an >internal business decision made that publishing such information and >dealing with the ramifications of .forward(ing) and mailing lists more >important than allowing bad actors to continue pretending to be AOL or >Yahoo? Extremely likely. Yes, they explicitly decided that the costs they imposed on innocent bystanders were Not Their Problem. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
