Re: DMARC and yahoo

On Tue, Apr 15, 2014 at 10:23:22PM -0400, Michael Richardson wrote:

So, as a WG chair, a person known to me just tried to post to the list
From a brand new yahoo.com mail account.  They aren't subscribed with that
address.  I would normally just approve, and add them...

It seems to me that I must now actually reject, because it would affect other
subscribers.

I'm now thinking that we need to remove all the @yahoo.com addresses from
posting to ietf mailing lists.


So on my mailman configuration (which I believe is the default), if
alice(_at_)hotmail(_dot_)com receives 5 hard fail bounces she will get
automatically suspended from the mailing list.  So a single e-mail
from a @yahoo.com address won't cause damage, and if seven days go by
without any further bounce messages, the "bounce counter" gets reset
to zero.  The problem comes if you have many e-mail messages from
yahoo.com users (which according to yahoo and the DMARC cheerleaders,
shouldn't happen happen, because mailing list traffic is
"insignificant" :-).

So this is what I've done on my church mailman setup.  First of all,
I've disabled bounce processing, so even if a yahoo.com posting slips
by, it won't do any damage.  (It does mean more bounce mail will end
up going to the list-owner address, which I'll then have to manually
deal with, but as a short-term hack, I'm willing to live with it).
Secondly, I've taken all of the yahoo.com users, and set the
moderation bit, so if they do send e-mail, it will be held for
moderation.

I can then manually cut and paste their e-mail and send it to them on
their behalf.  Unfortunately, about 25% of my church's governing board
is using Yahoo, and so this is something I was willing to do as a
short-term remediation, since I didn't want to just bounce their
e-mail or let their e-mail cause other Vestry members to be removed
from the mailing list.

In the long-term, I'm going to try to convince some of them to move to
another mail provider, or at least use another mail provider for
church business.  I'll also try to see if I can get a patch to mailman
so it will do the "username(_at_)yahoo(_dot_)com" -> 
"username(_at_)yahoo(_dot_)com.INVALID"
from header rewrite.  But that's not something I can do on short
notice, since this is a rather busy week for me.

I don't know what the ietf.org secretariat should do.  My short-term
remediations aren't very scalable, so what works for a small church
probably wouldn't work for the entire IETF.

What a mess.

                                                        - Ted

<Prev in Thread]	Current Thread	[Next in Thread>
RE: What I've been wondering about the DMARC problem, (continued) RE: What I've been wondering about the DMARC problem, MH Michael Hammer (5304) Re: What I've been wondering about the DMARC problem, Brian E Carpenter Re: DMARC and yahoo, Doug Royer Re: DMARC and yahoo, Theodore Ts'o Re[2]: DMARC and yahoo, mohammed serrhini Re: DMARC and yahoo, Doug Royer Re: DMARC and yahoo, Theodore Ts'o Re: DMARC and yahoo, Doug Royer Re: DMARC and yahoo, Theodore Ts'o Re: DMARC and yahoo, Michael Richardson Re: DMARC and yahoo, Theodore Ts'o <= Re: DMARC and yahoo, Jeffrey Altman Re: DMARC and yahoo, John Levine Re: DMARC and yahoo, Hector Santos Re: DMARC and yahoo, John C Klensin Re: DMARC and yahoo, Brian E Carpenter Re: DMARC and yahoo, Doug Royer Re: DMARC and yahoo, Theodore Ts'o Re: DMARC and yahoo, Brian E Carpenter Re: DMARC and yahoo, Dave Crocker Re: DMARC and yahoo, Doug Barton