FWIW, we at Comcast just posted on this subject on our Postmaster page at
http://postmaster.comcast.net/dmarcupdate.html.
- Jason
Pasted here as well:
Background
Comcast recently emplemented the Domain-based Authentication, Reporting, and
Conformance (DMARC)<http://dmarc.org/> specification as a new way to help
prevent phishing messages from reaching our customers’ mailboxes. DMARC enables
a domain to publicly indicate (via DNS) what action should be taken for mail
claiming to be from that domain that does not pass authentication and get
reports about phishing and spam messages that did not come from approved mail
servers.
Recent History
Recently, the policies that AOL and Yahoo published instructed mail servers
that use DMARC to reject mail if it claims to be from aol.com or yahoo.com but
failed authentication – meaning the mail did not originate from an approved
mail server run by AOL or Yahoo, respectively. This has reportedly caused
issues for some people using AOL or Yahoo addresses with email discussion lists
and other mail sending tools. More information from AOL was posted
here<http://postmaster-blog.aol.com/2014/04/22/aol-mail-updates-dmarc-policy-to-reject/>.
While AOL and Yahoo may be addressing spam and phishing issues in making this
change, it does not yet appear to be typical DMARC usage. We have been asked
whether Comcast plans to make similar changes soon, and we can confirm we have
no such plans.
Comcast’s Future DMARC Plans
To help us improve our detection of those who use the comcast.net domain
maliciously we have published a DMARC record for comcast.net, but that change
WILL NOT disrupt legitimate messaging. This policy will not ask other services
to reject messages that did not originate from us, but rather report those
instances to us for research. We will also publish DMARC reject policies in the
coming months for the domains used by our Xfinity Billing, Xfinity Home, and
Customer Security Assurance notifications. These originate from specific
domains and servers that we maintain. This will not negatively affect email
discussion lists but will help us prevent some of phishing messages that might
attempt to target our customers.
If You Have Been Negatively Affected by AOL’s and Yahoo’s Changes
If you are an Xfinity Internet customer, use an AOL or Yahoo email account
regularly, and are having problems getting email from email discussion lists or
other tools at those addresses, we invite you consider activating or using your
comcast.net email account.
To signup, add, or change your email account - Click
Here<http://customer.comcast.com/help-and-support/internet/stay-connected-with-email/>
Once your email address is registered, you can access it in several ways:
For webmail users - Click
Here<http://customer.comcast.com/help-and-support/internet/using-xfinity-connect-for-comcast-email/>
For email client users - Click
Here<http://customer.comcast.com/help-and-support/internet/email-client-programs-with-xfinity-email/>
For mobile email users - Click
Here<http://customer.comcast.com/help-and-support/internet/comcast-email-mobile-devices/>
On 4/29/14, 10:39 AM, "John C Klensin"
<john-ietf(_at_)jck(_dot_)com<mailto:john-ietf(_at_)jck(_dot_)com>> wrote:
An odd, and somewhat nasty, thought...
So far, the two organizations (at least of which I'm aware) that
have made more or less public announcements of their intentions
to use the sort of restrictive policies that cause mailing list
problems are not only large providers of email but also large
providers of online forums, social group discussions, etc. So
are several of the other member-contributor organizations to
dmarc.org. As far as can be observed from the outside, those
forums and discussion groups make considerable contributions to
the bottom lines of those providers -- in most cases, they allow
those organizations to sell advertising and/or to sell their
users and their interest profiles to advertisers. Email, by
contrast, is typically a service they provide in conjunction
with those other services but is not, itself, generally a profit
center.
For many of the users and uses of the extended Internet, mailing
lists are the historical predecessor, and sometimes a
contemporary alternative, to those forums and centralized
"social network" discussions.
If one examines those relationships, there is a case to be made
that the problems they cause to mailing lists is not "collateral
damage" at all. Even if the effects were discovered by
accident, continued use of DMARC with restrictive policies has
the consequence of driving traffic away from mailing lists,
perhaps especially mailing lists operated by smaller providers
and non-profits, toward use of the for-profit systems operated
by those same (to quote another recent comment) "too big to
ignore" operators with a positive effect on their bottom line to
the detriment of other operators and ways of doing things.
Behaviors by large ("dominant", "too big to ignore", etc.)
industry actors that have the effect of driving alternate
solutions or providers out by mechanisms other than fair
competition in the marketplace, especially when those mechanisms
come out of collaborations among such actors, are, if other
conditions are met, rather seriously illegal in many countries.
If intent can be demonstrated, they are even more so.
So, as a purely hypothetical set of questions (I am not
recommending anything), I wonder what would happen if some of
the people who have been claiming they or the general public are
harmed by this would, instead of asking what the IETF can do
about something that is not an IETF Standard, went to their
local "competitiveness" or "antitrust" authorities, explained
the situation and started complaining? I also wonder whether
the IETF and ISOC have, or should seek, legal advice about how
to keep adequate distance between themselves and this situation
should some relevant jurisdiction initiate an investigation or
enforcement action.
Just curious.
john