Vako Nicolian writes: > I am surprised that it hasn't popped up yet with you guys,
It didn't "pop up" for us. It blew up, and started a week of sleepless nights and days for thousands of email admins (and a few Mailman developers with a lot of assistance from some DMARC developers), not to mention millions of invoices and other important small business mail getting discarded.[1] Without access to the systems at Yahoo! and friends (which they are *very* serious about not granting to anyone), we can't be 100% sure, but all the evidence you have presented, matched to that history indicates that what you are seeing is a problem with the whole email system *caused by those email providers*. It is not a problem with Mailman, although it is a perennial headache for Mailman admins and for us. When the recipient arbitrarily discards email, there is *nothing* we can do about it -- that's entirely up to the recipient, and to *you* -- you have to configure your email system to *their* specs, we can't do that for you. We can only advise how to make things work somewhat better -- except that they won't tell us (or you) what they're doing so our advice is (somewhat informed) guesswork. Do I sound bitter? Yes, I am very bitter about the whole DMARC abuse fiasco. There is very good reason why many members of this list have zero sympathy for Yahoo! and AOL. I have some sympathy for their users who stick with them, and for their admins who stick with this policy[2]. It *is* generally a very annoying and drawnout task to change your primary email address (especially if you don't get a cooperative forward from the old one), and I can't blame them for being locked in to what was at the time a popular (and still! free! as in beer! service). But I have a short fuse if they start acting entitled about it. > PS: when I reply to this list, it goes only to the poster, shouldn't > it go to the list? No. To be a little more specific than Mark, it's not just a matter of principle. In many cases we request potentially sensitive information from users. The practice of having replies go to poster by default helps prevent accidental publication of such data. It's easy to correct when a post is intended to be public. It's not so easy, and often impossible (the spammers are known to subscribe to mailing lists for various reasons), to correct if such data is published. > I don't have the habit of doing reply all. Some mail clients have a reply-to-list (and if it's not a list, to author) function if that's the behavior you want. Why they don't all have it, you'd have to ask their developers. Steve [1] In April 2014, after Yahoo! and AOL leaked literally a billion users' email contact lists to spammers, their response was to repurpose the DMARC p=reject policy (originally intended to protect clients of banks and other businesses from phishing and other fraud, where mail "on behalf of" a principal is obviously not a thing) to protect their users from targeted "mail from a friend" spear-phishing attacks (but not the rest of the Internet! -- which has nevertheless survived despite not abusing "p=reject"). This had the side effect of a massive denial-of-service attack on their own users, as mailing lists, invoices from third-party accounting firms on behalf of businesses using AOL or Yahoo! addresses to their customers at those domains, and several other common forms of "on behalf of" email were silently discarded by the billions by AOL and Yahoo! -- which practice continues today, as your subscribers have discovered. Of course, Yahoo! and AOL refuse to take responsibility for this, and allow their users to blame others. I think the part of the idea was to encourage their users to use Yahoo Groups! and AOL chats rather than third party mailing lists, but that didn't work out for them. [2] My understanding is that the email admins at those sites did their jobs. Yahoo! admins claimed that they were facing spam campaigns that peaked at 1 million messages per *minute*. The vulnerability was other parts of the business that had access to these databases and the hackers came in through the bathroom window, as it were. ------------------------------------------------------ Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
