On May 19, 2014, at 7:07 PM, Scott Kitterman <scott(_at_)kitterman(_dot_)com>
wrote:
On Monday, May 19, 2014 15:57:28 Doug Ewell wrote:
I'm still working on the logic of a post with Yahoo in its subject line,
which calls out Yahoo 26 times and Google 19 times, then concludes out
of left field that all of this is the fault of Evil Microsoft.
They do reject DMARC fail, which is part of the problem.
To reject or not to reject...
Doing what Yahoo! and AOL requests seems appropriate. Not doing so may carry
some risk. The DMARC specification is fairly clear about the expected action to
be taken. If someone is harmed because a message was not rejected, although
similar messages for other domains are, then who would be at fault?
DMARC combines both SPF and DKIM to limit the number of erroneous results. Of
course, Yahoo! and AOL should have notified their users to unsubscribe from
mailing lists giving them feedback, otherwise messages sent to these lists
might impair subscriptions for other users of different providers.
It is difficult to understand why they selected reject rather than quarantine.
Are they attempting to be ultra safe with respect to follow-on liabilities?
By now their support costs dealing with real harm must have them hemorrhaging
such that complaints about not being able to use a church mailing list has
fairly low priority. Why should anyone else care when the domain making
seemingly erroneous alignment assertions doesn't?
Regards,
Douglas Otis