I'm a bit out-of-step on current email practice, so for the benefit of other who don't swim in the SMTP stream, I'll quote from the PCWORLD article mentioned:
The problem is a new DMARC (Domain-based Message Authentication, Reporting and Conformance) “reject” policy advertised by Yahoo to third-party email servers, said John Levine, a long-time email infrastructure consultant and president of the Coalition Against Unsolicited Commercial Email (CAUCE), in a message sent to the Internet Engineering Task Force (IETF) mailing list Monday. > > >DMARC is a technical specification for implementing the SPF (Sender Policy >Framework) and DKIM (DomainKeys Identified Mail) email validation and >authentication mechanisms. These technologies were designed to prevent email >address spoofing commonly used in spam and phishing attacks. > > >The goal of DMARC is to achieve a uniform implementation of SPF and DKIM among >the top email service providers and other companies that want to benefit from >email validation. > > >The specification introduces the concept of aligned identifiers, which >requires the SPF or DKIM validation domains to be the same as or sub-domains >of the domain for the email address in the “from” field. The domain owners can >use a DMARC policy setting called “p=" to tell receiving email servers what >should happen if the DMARC check fails. The possible values for this setting >can be "none” or “reject.” > > >Over the weekend Yahoo published a DMARC record with “p=reject” essentially >telling all receiving email servers to reject emails from yahoo.com addresses >that don’t originate from its servers, Levine said. > > >While this is a good thing from an anti-spoofing perspective, it raises >problems for legitimate mailing lists, according to the email expert. > > >“Lists invariably use their own bounce address in their own domain, so the SPF >doesn’t match,” Levine said. “Lists generally modify messages via subject >tags, body footers, attachment stripping, and other useful features that break >the DKIM signature. So on even the most legitimate list mail like, say, the >IETF’s, most of the mail fails the DMARC assertions, not due to the lists >doing anything ‘wrong’.” > > >With the new policy, when a Yahoo user sends an email to a mailing list, the >list’s server distributes that message to all subscribers, changing the >headers and breaking DMARC validation. List subscribers with email accounts on >servers that perform DMARC checks, such as Gmail, Hotmail (Outlook.com), >Comcast or Yahoo itself, will reject the original message and respond back to >the list with automated DMARC error messages. > >I don't think the "blowback" problem applies to the BLU, since (IIRC), the >Mailman server diverts any administrative messages. However, other (smaller) >lists may be affected, and there's the real risk that YaGooHotCast will all >start rejecting each others' mail. On Friday, May 16, 2014 9:04 AM, Edward Ned Harvey (blu) <[email protected]> wrote: > From: [email protected] [mailto:discuss- > [email protected]] On Behalf Of Stephen Ronan > > "You may notice a small difference in the From field on list > messages from these senders (and now from AOL senders too), in > which the sender's actual email address no longer appears, > replaced by the address of the list itself. That is the sympa equivalent of mailman "from_is_list" reply-to munging. http://wiki.list.org/display/DEV/DMARC Which seems to be the mailman recommended solution. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss Of course, there's an unspoken reality here: YaGooHotCast administrators are only human, and this might be a reaction to the ever-growing tsunami of spam they have to deal with every day. Given the lack of a FUSSP, the users may be demanding that they do /anything/ instead of just /something/. Bill Horne P.S. Full disclosure: I've known John Levine for years. He provides invaluable support for the Telecom Digest, where I'm the Moderator. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
