[Mailman-Users] Emails from yahoo members, are getting rejected by yahoo, "Service Unavailable".
Richard Damon
Richard at Damon-Family.org
Tue Apr 15 04:34:33 CEST 2014
On 4/14/14, 8:55 PM, Keith Bierman wrote:
> On Mon, Apr 14, 2014 at 5:54 PM, Jim Popovitch <jimpop at gmail.com> wrote:
>
>> The only true ways to handle dmarc messages (imho) are to reject posts
>> where the poster's domain clearly says to not forward (i.e.
>> p=reject)... OR... totally wrap the poster's email as an attachment
>> and change the From: to something under control of the mailinglist
>> that is sending the email.
>>
>>
> Well, my non-mail expert opinion for whatever it might be worth.
>
> While the process of revising the RFC should have been followed, it does
> seem that they are trying to solve a real problem. Mail should come from
> who it says it comes from, not make it trivial to pretend to be someone one
> isn't.
>
> So why not adopt a standard where the *sender* is always the list? The
> obvious downside is that "reply to poster" stops working, but do these
> "security" tools care if the reply-to is different from sender? if the list
> default is "reply to poster" set the reply to as the original sender, but
> "correctly" identify the message as coming from the mail server automation
> ... not the original sender.
>
> Other than noncompliance to the existing RFC(s), what am I missing?
>
>
> Keith Bierman
> khbkhb at gmail.com
> kbiermank AIM
> 303 997 2749
>
Actually, if you look in the header to a message from the list, it does
say that the "sender" is the list (that is the contents of the Sender:
header).
The Email RFC's define what the various headers are supposed to mean.
From: is the person who ORIGINATED the message (that is not the list).
Sender: is who put the email into the mail stream (which is the list).
Yes, there is a fundamental problem in identity confirmation with the
internet, which is especially a problem with email.
One partial solution is users should be using email programs that show
them things like the Sender field, and some of these can be more easily
checked.
Yes, the way things are setup, there is no way to say that a message
isn't "From" a given person, as the system has no way built in to say
that, but it can let you know that it was sent via some other 3rd party,
and let you decide if it make sense.
It makes sense for some companies (like banks) to say that all email
from them will ALWAYS come via a specific set of paths.
It doesn't make sense for a email provider for the public to say the
same thing, especially AFTER the fact. It would be another thing if
Yahoo, when it started, touted that it was offering an "identity
protection" service where people could know your emails come from you,
with the provision that you had to send all your email via their system
and couldn't post to mailing list with that account.
--
Richard Damon
More information about the Mailman-Users
mailing list