[170969] in North American Network Operators' Group
Re: DMARC -> CERT?
daemon@ATHENA.MIT.EDU (Scott Howard)
Mon Apr 14 16:12:13 2014
In-Reply-To: <CAGfsgR01S+yJoYifYAyD-CGTJBh1jsRh_TK9bL3izAVTcLJkjw@mail.gmail.com>
Date: Mon, 14 Apr 2014 13:10:50 -0700
From: Scott Howard <scott@doc.net.au>
To: Jim Popovitch <jimpop@gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Apr 14, 2014 at 11:24 AM, Jim Popovitch <jimpop@gmail.com> wrote:
> DMARC hasn't cut down on yahoo spam so far. Yahoo's spam problem was
> (is?) centered on account hijacks.
>
I just checked my spam folder for the past month.
Out of about 80 messages "from" Yahoo, I can see about 3 that went via
Yahoo's mail servers. ie, >90% were/would have been blocked using DMARC.
Of course, I'm sure the spammers will simply start changing yahoo.com to
somethingelse.com once they realize - but from Yahoo's perspective, that's
obviously a positive.
Whilst I don't agree with the way that Yahoo has done this (particularly
around communication), I think the end result is only going to be positive.
At a high level it's no different than when people started rejecting mail
from hosts without PTR records, or when ISPs started blocking outbound port
25 - they both caused things to break, and both caused people to have to
take action to fix the brokenness, but in the long run they were both
hugely positive.
Scott
