On Tue, Apr 15, 2014 at 04:56:50PM -0400, Hector Santos wrote:
I think adding temporarily helps and the additional text about DMARC
certainly helps.
But the problem is YAHOO doesn't want you to do this (rewrite).
That's OK, we didn't want Yahoo turning on DMARC p=reject. Life's
tough sometimes.
Case in point, lets say a real bad message got into the list, unsigned,
purported from Yahoo, the 5322.From was rewritten and distributed to other
list users and some of those users were "harmed" in some fashion that it
worth the effort to sue. Guess who would be at legal fault here? Not
YAHOO. They are legally protected. The MLM, who wistfully and intentionally
ignored policy and even went as far to break the security, is now at risk.
The message was unsigned before it hit the mailing list, and it's
unsigned after the mailing list altered the from field. So the
mailing list software did nothing to "break" security in that case.
Furthermore, the from field would be "username(_at_)yahoo(_dot_)com.INVALID".
So
obviously there is nothing that can be said about whether the message
came from a yahoo user or not.
Cheers,
- Ted