[writing as one member of the Ubuntu Technical Board] There is currently a technical problem affecting those with @canonical.com addresses using mailing lists hosted at @lists.ubuntu.com. To mitigate the impact, I propose to temporarily block, at mailing list level, emails from @canonical.com reaching @lists.ubuntu.com at all. Even better if Canonical IS could please do this at MTA level.
At the moment, my best understanding of the problem is: 1. @canonical.com sets a DMARC policy. 2. When a @lists.ubuntu.com mailing list distributes an email sent by someone with a @canonical.com address, those emails do not comply with the @canonical.com DMARC policy. 3. When the email infrastructure of a third party subscriber to a @lists.ubuntu.com mailing list receives such an email and enforces the sender's DMARC policy, the email is rejected. As far as I can tell, this includes all mailing list subscribers who use Gmail and Fastmail. 4. The mailing list handler at @lists.ubuntu.com handles the rejection by (eventually) unsubscribing third party subscribes that enforce @canonical.com's own DMARC policy. I understand that there is a Canonical IS ticket open (C192498) that was filed on 25 November and has the details but the problem still continues. As long as this continues, the mailing lists are effectively unusable since they are failing to redistribute emails to third party subscribers in two ways: 1) third party subscribers who enforce sender DMARC policy do not receive emails from @canonical.com senders when they enforce @canonical.com's DMARC policy; and 2) third party subscribers are getting their mailing list deliveries suspended or unsubscribed entirely and when this happens they stop receiving emails from any mailing list sender and not just @canonical.com senders. If we implement the block I suggest, the problem will be migitated such that only @canonical.com aliases are affected. Everyone else will be able to carry on as usual. @canonical.com senders are already effectively excluded from mailing list participation due to their problem DMARC policy, so this would be strictly better than the current situation. In addition, then the @canonical.com senders would receive direct feedback of their email non-deliveries, rather than the current situation where it seems they are not aware of the problem. I'm not aware that @ubuntu.com senders are causing any issue, except that they are still affected by delivery suspension or unsubscription when @canonical.com senders send to the list. If you are a mailing list participant at Canonical and you have an @ubuntu.com alias, I suggest that you use it to minimise damage, and you'd be able to continue using it even with this temporary mitigation in place. Ironically, this message might itself be undeliverable to many subscribers for the same unsubscription reason. Messages do end up in the mailing list archive though, and I'll ensure to point to the other technical board members out of band. If there are no viable alternatives presented, I'll take this action after a week or two for the mailing lists that I have permission to administrate on lists.ubuntu.com, and encourage others to do the same for other mailing lists also hosted there. This sounds drastic so I thought it appropriate to discuss before taking action, particularly since the problem is now months old. I don't think it's as drastic as it sounds though, considering that it would result in strictly better performance than the current situation. Thanks, Robie
signature.asc
Description: PGP signature
-- technical-board mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/technical-board
