Yahoo DMARC Policy: Why they did it.


How dare Yahoo update their DMARC policy without warning the internet community of the potential fallout from doing so. At least, that's what some other folks have said. My take on it is more prosaic. I figure it's your domain name, you're free to do whatever you want with it. Initially, Yahoo made no statement, leaving us interested folks with nothing but our own speculation about why they've implemented this policy change. (They did later post a limited DMARC Help page and then also a more detailed statement explaining the change.)

Though they didn't really provide an explanation, I can see why they did make the change in question. Thinking of the percentages of mail out there; the ratio of spam to legitimate discussion mail that is being affected by this change. Literally many billions of email messages float out there throughout the internet, using fake Yahoo.com from addresses (and fake Hotmail/Outlook, AOL, Gmail, etc. from addresses as well). They are able to simply update a DNS record, and suddenly at least half of the top mailbox providers immediately start rejecting a big chunk of those malicious and unwanted messages.

In that context, the affected legitimate mail amounts to no more than a rounding error.

So while it's very frustrating for mailing list operators to have to change how their software works, let's not forget that this quickly and very successfully interferes with a broadly used spam and malware attack vector. For somebody like me, who cares a lot about stopping spam, I think that's a really good thing.
Post a Comment

Comments