
Yahoo DMARC Policy: Why they did it.


How dare Yahoo update their DMARC policy without warning the internet community of the potential fallout from doing so. At least, that's what some other folks have said. My take on it is more prosaic: I figure it's your domain name, and you're free to do whatever you want with it. Initially, Yahoo made no statement, leaving those of us who were interested with nothing but our own speculation about why they implemented this policy change. (They did later post a limited DMARC help page and then a more detailed statement explaining the change.) Here's my speculation.



But even though they didn't initially provide an explanation, I can see why they made the change in question. This chart helps to explain: it shows my very rough estimate of the ratio of spam to legitimate discussion-list mail that's been affected. Literally many billions of email messages float around the internet using fake yahoo.com From addresses (and fake Hotmail/Outlook, AOL, Gmail, etc. From addresses as well). By simply updating one DNS record, the DMARC policy record for the domain, Yahoo got at least half of the top mailbox providers to immediately start rejecting a big chunk of those malicious and unwanted messages.

In that context, the affected legitimate mail amounts to no more than a rounding error.

So while it's very frustrating for mailing list operators to have to change how their software works, let's not forget that this quickly and very successfully interferes with a broadly used spam and malware attack vector. For somebody like me, who cares a lot about stopping spam, I think that's a really good thing.
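As an added example (not code from the original post), here is the check a receiving mailbox provider performs once a domain owner publishes a DMARC policy record: the receiver parses the record, tests whether SPF or DKIM authenticated a domain aligned with the From: header, and applies the p= action on failure. It shows why a forged yahoo.com From: is rejected, why a mailing-list relay that tagged the Subject and substituted its own bounce address is rejected too, and why the common From:-rewriting workaround passes. The record text, domains and authentication results are constructed, and the organizational-domain logic is simplified (no Public Suffix List).

```python
"""Minimal DMARC disposition check: parse the policy record, test SPF/DKIM
identifier alignment against the From: domain, and apply the p= action.
Added example; the record text, addresses and authentication results are
constructed, not Yahoo's actual record or real traffic."""

import re


def parse_dmarc_record(txt):
    """Parse a DMARC TXT record like 'v=DMARC1; p=reject; adkim=s' into a dict.
    Defaults (relaxed alignment) follow RFC 7489; pct= sampling is not applied."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record: %r" % txt)
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Simplification for this example: the organizational domain is the last two
    labels. Real receivers consult the Public Suffix List (e.g. example.co.uk)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: 's' (strict) requires an exact match, 'r' (relaxed)
    accepts any subdomain of the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(from_header, record_txt, spf_result, spf_domain, dkim_results):
    """Return ('pass', None) or ('fail', <p= action>).

    spf_result:   'pass'/'fail' for the SMTP MAIL FROM domain given in spf_domain
    dkim_results: list of (d= domain, 'pass'/'fail'), one per DKIM-Signature
    A message passes DMARC if at least one aligned identifier authenticates."""
    match = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", from_header)
    if not match:
        return ("fail", "reject")  # unparseable From: treated as failing
    from_domain = match.group(1)
    rec = parse_dmarc_record(record_txt)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, rec["aspf"])
    dkim_ok = any(res == "pass" and aligned(from_domain, d, rec["adkim"])
                  for d, res in dkim_results)
    return ("pass", None) if (spf_ok or dkim_ok) else ("fail", rec["p"])


# Constructed records: a mailbox provider publishing p=reject, and a mailing-list
# domain publishing p=none (the list's own record is what a receiver would look up
# after the list rewrites From: to its own domain).
RECORD = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@example.com"
LIST_RECORD = "v=DMARC1; p=none"


def scenarios(record=RECORD):
    """Four constructed delivery cases evaluated against the given policy record."""
    return {
        # Spammer forges a yahoo.com From: from its own host, no DKIM signature.
        "spoof": dmarc_disposition("Someone <someone@yahoo.com>", record,
                                   "fail", "spammer.example", []),
        # Genuine message: MAIL FROM and DKIM d= both match the From: domain.
        "genuine": dmarc_disposition("someone@yahoo.com", record,
                                     "pass", "yahoo.com", [("yahoo.com", "pass")]),
        # Mailing list relay: the list tagged the Subject (original DKIM breaks)
        # and uses its own bounce address (SPF passes, but for the list's domain).
        "list_relay": dmarc_disposition("someone@yahoo.com", record,
                                        "pass", "list.example",
                                        [("yahoo.com", "fail")]),
        # Common workaround: the list rewrites From: to its own domain and signs
        # with its own key, so the receiver evaluates list.example's record.
        "list_rewritten_from": dmarc_disposition(
            "someone via List <list@list.example>", LIST_RECORD,
            "pass", "list.example", [("list.example", "pass")]),
    }


if __name__ == "__main__":
    for name, (result, action) in scenarios().items():
        print("%-20s %s %s" % (name, result, action or ""))
    # Same traffic under a p=none record: failures are only reported, not rejected.
    print(scenarios("v=DMARC1; p=none")["list_relay"])
```

The `list_relay` case is the one that upset mailing-list operators: nothing about the message is forged, but neither authenticated identifier aligns with yahoo.com, so under p=reject it is indistinguishable from the `spoof` case. Under a p=none record the same failure is merely reported via the rua= address, which is why the switch from p=none to p=reject is what changed delivery overnight.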

3 Comments

Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.

  1. I agree with the argument from trade-offs. By looking at the cost of not doing this, Yahoo's users are subject to abuse. They are susceptible to spam and phishing and these cause a very serious impact.

    By contrast, this does break mailing lists if they don't implement workarounds.

    Yahoo decided that the cost of malicious content outweighed the cost of not getting legitimate email for a corner case, whereas the phishing case is much more widespread.

  2. Exactly. Every change to anything ever has some sort of trade off, and sometimes it's really just a simple matter of comparing the ups and downs and seeing which is more valuable.

  3. Just curious, is that chart based on data you have, or is it a guess?
