I want to thank John (and others, off list) for their suggestions, but I'd really like to keep the technical stuff here to a minimum, and keep the list for Origami-related stuff if we can!
I'm going to send a quick explanation of what's going on (below) but the non-computer folk don't need to concern yourself with the details if you don't wish to. We'll try to figure out a way to make the list work (or come up with some other option - and, yes, we know there are forum systems out there, don't bother suggesting them *here*, send stuff off list if you would) but for now let's keep the discussion about origami and not the inner workings of email systems. So: non-fellow-computing-folk - go fold something. Please. :) Anyone who cares about the weenie-level stuff: On Thu, Apr 24, 2014 at 1:19 PM, John Scully <[email protected]> wrote: > Ann said: > I am off to figure out some way around this. It is not going to be pretty, > and is most likely going to necessitate changes in everyone's behavior and > how you interact with the list. Sorry! > > Ann, we all feel for you. What a mess. This must be effecting hundreds of > other mailing lists as well. Looks like Yahoo and AOL are trying to commit > suicide. Everyone could just get a gmail account. Free and they seem to not > have these problems. Except that the security tool/standard that is involved (something called DMARC) is likely to continue to get adopted, and used more strictly, by more and more ISPs. At the moment we believe it's just Yahoo and AOL's actions that are causing the mess, but if more were to behave similarly, mailing lists will stop working altogether. We are running up against some of the fundamental insecurities in mail and mailing list systems, here, and I fear a massive shift is coming, and sooner rather than later. Which is a bummer, because I continue to believe that email as a discussion mechanism is still worthwhile, and creates a different environment than a forum or a social media page/topic/whatever. The specific problem right now is that both Yahoo and AOL are asserting that all mail that says it is "from" {someone}@yahoo or {someone}@aol will come, and only come, directly from one of their servers. Mailing lists, of course, take mail from one person and then send it on, *on behalf of* the original sender. The mail says it's "from" one account/server, but actually comes to the end user via an unrelated machine (the mailing list server.) If you look at mailing list mail through anti-spam glasses, then it looks an awful lot like mail sent from one place *through* another, a great tactic for trying to make spam mail look legitimate by faking its source. Historically, all of the information about which machines actually touch a message as it is sent along is kept intact in the message. Most mail applications hide this information from users, but it's all there in the header. Yahoo and AOL are asserting that nothing but their machines (or locations they trust, like their users' own desktop machines) will leave their fingerprints along the way. There is a setting in Mailman (our mailing list server software) which will strip out all the "from" information and replace it with the list information (that is, the mail will appear to be "from" someone named "origami", email address "[email protected]") but does not scrub all possible machine fingerprints from the header, and so I'm not yet certain that it will get past these new DMARC filters. There is also a new version of Mailman out there which tries to patch some of this, but honestly I'm not sure that it's good enough, either. Off-list suggestions and thoughts welcome, Anne
