[Mailman-Users] DMARC and Bellsouth, etc.

Stephen J. Turnbull stephen at xemacs.org
Thu Apr 17 20:32:14 CEST 2014 

Lindsay Haisley writes:

 > Stephen, thanks for your generous reply, and your insights.  It
 > does seem to me, though, that when megabucks are riding on
 > additional bandwidth, and if Yahoo is serious about controlling
 > spam, they might start by putting some resources behind putting
 > their own house in order.

Nobody can control spam in the current architecture of Internet mail.
What needs to be done is author identification, that is, digital
signatures.  But that requires cooperation from users, which is
anathema to the freemail providers.  So p=reject, and to a lesser
extent DMARC itself, are basically PR stunts IMO, see below.

 > Someone, maybe it was you, posted on this forum earlier that perhaps 90%
 > or more of spam with a yahoo.com origin (or one of their international
 > DNs) actually _does_ come from Yahoo

Wasn't me.  I don't have that data, and don't know where to get it
offhand.

So maybe it does, but in my spamtrap I have only 67/4359 (1.5%)
messages from Yahoo (based on grepping for "^From:.*yahoo" and
"^From:" respectively), vs. 658/38748 (1.7%) in my saved mail folders.
It seems to me that spam using Yahoo addresses is hardly a big
problem, whether it's spoofed or using throwaway addresses.

 > and that their response to abuse notifications is abysmal to
 > nonexistent.  So it looks to me as if one of two things is
 > happening here.  Either the right hand doesn't know what the left
 > hand is doing (or not doing), or this is a blatant, cynical attack
 > on network neutrality designed to push people toward Yahoo's own
 > list service.

I think the main thing is that the decision-makers (who are basically
business people) see this as a marketing/PR problem.  I don't think
it's an attack on network neutrality per se so much as a PR stunt to
be perceived as "doing something about spam and phishing".  I wonder
if they're not positioning themselves to do something big in finance
or expand in handling payments to vendors who use their e-business
platforms -- which would make a "tough on phishing" stance very
important to them, as it is for banks.

 > Has anyone seen or heard any figures on how much this DMARC fiasco has
 > cost Yahoo in terms of the number of email end-users who have left their
 > service?  Someone mentioned that it was substantial enough to probably
 > get their attention.

I did but that was based on my personal experience, with (as I wrote
elsewhere) users who are not very attached to any particular email
address yet.  I don't see how anybody could get reliable figures,
though, except Yahoo! themselves based on statistical analysis of
outbound traffic and maybe an increase in the number of accounts that
.forward to other accounts.

Steve

More information about the Mailman-Users mailing list