thank you, Yahoo

Linus Torvalds torvalds at linux-foundation.org
Tue Jul 12 14:53:22 PDT 2016


On Wed, Jul 13, 2016 at 6:22 AM, Dirk Hohndel <dirk at hohndel.org> wrote:
>
> So all the bounces that caused the unsubscribes were DMARC failures.

Yes, but DMARC is just supposed to be about policy, and yahoo policy
is that emails from yahoo.com must have proper DKIM signatures (and/or
SPF records).

So as long as the DKIM signature matches, the DMARC check _should_ be happy too.

There are two main ways to break DKIM signatures:

 - not sending the email initially through a yahoo smtp server at all
(so the sender used his own smtp setup that doesn't add the yahoo.com
DKIM signatures)

   This is the "you have to use yahoo smtp servers" part, but it
_should_ only affect the original email. Once the email has the proper
signatures from that initial yahoo.com path, it should be able to
traverse through the network and validate fine.

 - the email being munged on the way, so that a DKIM signature that
originally *was* valid and set correctly no longer matches.

   This tends to be the usual mailing list problem (where mailing
lists add something to the subject line, or like subsurface add
something to the bottom of the mail body).

> Specifically, the From: field was a yahoo.com address, but of course my mail
> server (which sends out the mailing list email) is not a valid sender for
> yahoo.com, so the servers who follow the DMARC reject policy (like Yahoo’s
> own server and those of outlook.com, hotmail.com, and the various Yahoo
> domains I mentioned.

Yes, but the way yahoo _should_ validate the "was it sent from our
servers" is to validate the DKIM signature.

It's of course possible that yahoo does something else too, but the
standard way _should_ work with mailing lists that don't change the
email contents.

I see this happening with other non-yahoo emails because gmail will
consider a DKIM mis-match to be one of the signs of spam, even if the
DMARC record doesn't say "reject". Linux developers at microsoft.com
and broadcom.com both often end up in my spambox because they have
their own odd email setups in their small Linux groups and didn't get
the right DKIM signature.

But yes, yahoo may be doing this *extra* wrong, and get it wrong even
outside of the standard problems.

But not rewriting the mail body really can help. It could be worth a try.

Of course, there may not be enough yahoo.com email addresses for this
to be worth it, and just saying "don't use yahoo" may be the right
thing to do.

           Linus
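
Added example (not part of the message above, and not code from any mailing list software): a sketch of the RFC 6376 canonicalization a DKIM verifier applies before checking the bh= body hash and the signed Subject header, showing that a relay which leaves the content alone keeps the signed inputs intact while an appended footer or a subject tag changes them. The sample message, the footer text and the "[list]" tag are constructed; the RSA signature check itself and the l= tag are left out.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str = "relaxed") -> bytes:
    """RFC 6376 section 3.4 body canonicalization ("simple" or "relaxed")."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of whitespace and drop whitespace at end of line.
        lines = [re.sub(rb"[ \t]+", b" ", l).rstrip(b" ") for l in lines]
    while lines and lines[-1] == b"":   # empty lines at the end are ignored
        lines.pop()
    out = b"".join(l + b"\r\n" for l in lines)
    # "simple" turns an empty body into a single CRLF; "relaxed" keeps it empty.
    return out if (out or mode == "relaxed") else b"\r\n"

def body_hash(body: bytes, mode: str = "relaxed") -> str:
    """Value a verifier recomputes and compares with the bh= tag."""
    digest = hashlib.sha256(canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def canon_header(name: str, value: str) -> str:
    """RFC 6376 relaxed canonicalization of one signed header field."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)   # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()
    return name.strip().lower() + ":" + value + "\r\n"

def signature_inputs_intact(signed: dict, relayed: dict) -> dict:
    """Compare what the signature covered with what the recipient received."""
    return {
        "subject": canon_header("Subject", signed["subject"])
                   == canon_header("Subject", relayed["subject"]),
        "body": body_hash(signed["body"]) == body_hash(relayed["body"]),
    }

# Constructed sample message and relay variants (not taken from the thread).
SIGNED = {"subject": "thank you, Yahoo",
          "body": b"Dive log attached.\r\nSee you Friday.\r\n"}
# Relay that only disturbs whitespace: survives relaxed canonicalization.
PASS_THROUGH = {"subject": "thank  you, Yahoo",
                "body": b"Dive log attached. \r\nSee you Friday.\r\n\r\n"}
# List that appends a footer to the body (constructed footer text).
FOOTER = dict(SIGNED, body=SIGNED["body"] + b"_______\r\nsubsurface mailing list\r\n")
# List that prefixes the subject line (constructed tag).
TAGGED = dict(SIGNED, subject="[list] " + SIGNED["subject"])

if __name__ == "__main__":
    for label, msg in [("pass-through", PASS_THROUGH), ("footer", FOOTER), ("tagged", TAGGED)]:
        print(label, signature_inputs_intact(SIGNED, msg))
```

With "simple" body canonicalization even the whitespace-only variant fails, which is why the c= setting chosen by the signing domain matters for list traffic.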

