D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] List Changes


On Fri, Feb 17, 2017 at 07:39:31PM +0000, Alex Charrett via list wrote:
> >however on a note relating to yahoo it has apparently been hacked again.
> >So if no one is using yahoo or aol surely we can go back to the previous
> >settings and encourage people to use alternative services for e-mail.
> The other side of the coin is that Yahoo! have been well involved in
> driving both standards and adoption of sender authentication methods
> over the years, and it's really not just them who have deployed

This is true, but Yahoo and AOL have set a more strict DMARC policy than
many other large senders. They basically tell any mail server: if you
see an email that pretends to come from us (i.e. has a Yahoo or AOL
email address in the From: header) and you can't verify the DKIM
signature, then block it as spam.

Mailing lists, by adding a footer and often modifying the header, break
DKIM, that's why this is an issue.

It all boils down to the fact that email was designed when the internet
was so small, you could just trust that what it said in the From: header
was correct.

> Forwarding of emails by third parties (such as mailing lists and
> people who sell domains and do email forwarding) is certainly a
> challenge for sender authentication.  It would be great if SRS was
> more widley adopted, but that will rewrite the envelope too.
> https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme

I don't think this would help with these DMARC issues. SRS is more of an
SPF thing.


The Mailing List for the Devon & Cornwall LUG
FAQ: http://www.dcglug.org.uk/listfaq