[Mailman-Developers] Fixing DMARC problems with .invalid munge

[John R Levine]

> > * Really fixes DMARC problems
>
> That's a matter of opinion.  The DMARC-using domains will disagree, I
> think, as it still means that you are "impersonating" their users (see
> below), and making DMARC ineffective as a means of reducing spam and
> phishing.  But we'll see about that soon enough.

No, I can see that mail using this hack is delivered into my AOL and Yahoo 
accounts.  I know a people at AOL and Yahoo, and they quietly admit that 
screwing up mailing lists was not the goal, it's a side effect of a clumsy 
attempt to clean up after security breaches.  See my blog entry at 
http://jl.ly/Email/aoldmarc.html.  The conspiracy theories about 
Yahoogroups are just that.

> Note that these effects, if operational, tend to hurt everybody on the
> net.  Removing yahoo.com, and other domains with "p=reject" policies,
> entirely from "From" hurts Yahoo! users and people who want to
> communicate with Yahoo! users, but really, the bad effects will stop
> there, I think.

The DMARC cartel includes the largest mailbox providers in the world. 
There may be pockets of the net where you can thumb your nose at them, but 
in the world I live in, people depend on the lists I run, and it is simply 
not an option to tell all the Yahoo and AOL users to go away, much though 
we might think they deserve it.

By the way, in the long run, the plan is to persuade the DMARC crowd to 
mitigate the damage themselves, if not by dropping inappropriate DMARC 
policies, by figuring out how to whitelist the 30,000 (Yahoo's count) list 
and other providers that they've screwed up.  One advantage of this hack 
is that you can just turn it off when you don't need it, much easier than 
the stuff that puts the list address in the From: line which affects 
everyone.

Regards,
John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.