Print

Print


One comment from a ListServ owner:

There is a great quote by Eric Thomas, the author of the popular LISTSERV
package, which sums up what is going on fairly well:

  "Contrary to popular belief, DMARC is not a new Internet standard. It's
   a pack of 800-pound gorillas who got together and decided to change the
   way email works just because they can and because they have a vested
   interest. And they use the word 'spam' to justify their actions like
   others use the word 'terrorism'. But DMARC will do absolutely nothing
   to reduce the amount of spam in people's inboxes. All it does is
   prevent spammers from using a yahoo.com or aol.com account as their
   sender addresses, and I doubt any spammers are losing sleep over this."

(Especially since the spammers will just hijack people's legitimate AOL or
Yahoo accounts instead and send spam through official channels, like we see
every so often on the [redacted] list.)

Anyhow, I now have a strategy for dealing with this. The basic idea is that
AOL (and friends) don't like to accept messages with an AOL »From:« address,
so what we do is rewrite the »From:« address of AOL (and friends) subscribers
to look like a [redacted] address. That is, instead of

  From: John Doe <[log in to unmask]>

the list will use

  From: John Doe <[redacted]+dmarc-johndoe=aol.com@[redacted].org>

when redistributing messages from AOL-based subscribers, which (a) is no
longer something AOL can refuse, because it doesn't use the »aol.com« domain,
and (b) still makes it possible to send private replies to John Doe if you use
a broken e-mail program that looks at the »From:« header for the reply address
(because my mail server will forward such messages). This rewriting scheme is
butt-ugly but it will only be applied to subscribers based at ISPs that use
DMARC in enforcing mode, who don't deserve better ;^)

If you look at the DMARC specification (which isn't actually finished yet, not
that a little thing like that would keep the likes of AOL from stuffing it
down our throats) you will find that they have elaborate provisions about how
everyone ought to be doing it and so on, including fancy detailed rules about
how I should actually spend time and effort in order to *tell* AOL when I
receive mail that looks like it is from AOL but isn't, etc. Eric Thomas's
comparison of DMARC to the »war on terror« is actually pretty apt, along the
lines of »Something must be done about spam, DMARC is something, hence we must
all use DMARC«. I'll hopefully find time soon to implement the strategy
outlined above (30 lines or so of Perl should do it), and then we may be fine
for the time being, until AOL (& friends) come up with the next daft method of
breaking everyone's mailing lists. (Seriously people, move to Google Mail
already.)

[redacted]

On 13/05/2014, CJB <[log in to unmask]> wrote:
> Here's a good explanation of the Yahoo snafu re: DMARC and what to do about
> it.
>
> http://www.spamresource.com/2014/04/run-email-discussion-list-heres-how-to.html
>
> Chris B.
>