[MacPorts] #49787: Mailing list messages not delivered, subscriptions disabled due to Yahoo Mail now requiring DMARC
#49787: Mailing list messages not delivered, subscriptions disabled due to Yahoo Mail now requiring DMARC ----------------------------+--------------------- Reporter: ryandesign@… | Owner: admin@… Type: defect | Status: new Priority: High | Milestone: Component: server/hosting | Version: Keywords: | Port: ----------------------------+--------------------- At 2:29 PM Central time today we received 42 mailing list subscription disabled bounces. They said things like: {{{ 552 l8Eq1r00M0drVCp018ErwH Message fails DMARC verification. }}} {{{ 554 5.7.9 Message not accepted for policy reasons. See https://help.yahoo.com/kb/postmaster/SLN7253.html }}} {{{ 550 5.7.1 The messages violates the DMARC policy of yahoo.com (d8c59a45 -921e-11e5-a822-db253d9e0b64) }}} {{{ 550 5.2.0 l8Eq1r05C0bG8YH018Er6K Message rejected due to DMARC. Please see http://postmaster.comcast.net/smtp-error-codes.php#DM000001 }}} {{{ 550 5.7.0 (COL004-MC6F14) Unfortunately, messages from (17.151.62.25) on behalf of (yahoo.com) could not be delivered due to domain owner policy restrictions. }}} It sounds like Yahoo's mail server now requires messages to be sent in compliance with [https://dmarc.org/ DMARC], and our mailing lists do not do this. The effect is that when a Yahoo Mail user who has subscribed to one of our lists sends a message to the list, it gets sent by our list to the other subscribers. For those subscribers using a mail service that checks DMARC, their mail servers reject the message because the DMARC verification fails because the message was actually sent by our server not by a Yahoo Mail server. This causes the subscriber's mail server to send a bounce back to our mailing list server, and after a few of those, our mailing list server disables the subscriber's subscription. [https://help.yahoo.com/kb/postmaster/SLN7253.html Yahoo's own page on this problem] suggests we "Follow industry standards" and:
change your sending behavior by adding the mailing lists’ address to the "From:" line, rather than the sender’s address. Also, enter the actual user/sender address into the "Reply-To:" line."
I do not believe we should do this, because this contradicts RFC2822 which states:
When the "Reply-To:" field is present, it indicates the mailbox(es) to which the author of the message suggests that replies be sent.
Our mailing list is not the author of the message, so our mailing list may not change the Reply-To line. See also [https://woozle.org/~neale/papers /reply-to-still-harmful.html “Reply-To” Munging Still Considered Harmful. Really.] The [https://dmarc.org/wiki/FAQ#I_operate_a_mailing_list_and_I_want_to_interopera... DMARC FAQ] has an entry about what list operators should do, but there are several choices and I don't know which, if any, are appropriate. -- Ticket URL: <https://trac.macports.org/ticket/49787> MacPorts <https://www.macports.org/> Ports system for OS X
#49787: Mailing list messages not delivered, subscriptions disabled due to Yahoo Mail now requiring DMARC -----------------------------+--------------------- Reporter: ryandesign@… | Owner: admin@… Type: defect | Status: new Priority: High | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: | -----------------------------+--------------------- Comment (by jmr@…): Haven't read it all but https://tools.ietf.org/html/rfc6377 covers this topic. -- Ticket URL: <https://trac.macports.org/ticket/49787#comment:1> MacPorts <https://www.macports.org/> Ports system for OS X
#49787: Mailing list messages not delivered, subscriptions disabled due to Yahoo Mail now requiring DMARC -----------------------------+--------------------- Reporter: ryandesign@… | Owner: admin@… Type: defect | Status: new Priority: High | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: | -----------------------------+--------------------- Comment (by ryandesign@…): [https://lists.macosforge.org/mailman/listinfo Our mailing lists] are powered by mailman 2.1.12. According to the [http://wiki.list.org/DEV/DMARC mailman DMARC page], we need to upgrade to mailman 2.1.16 to get the from_is_list feature, but it is not recommended. If we upgrade to mailman 2.1.18, we get a better option. The current version is 2.1.20. Better options are planned for mailman 3 which is not yet available. -- Ticket URL: <https://trac.macports.org/ticket/49787#comment:2> MacPorts <https://www.macports.org/> Ports system for OS X
#49787: Mailing list messages not delivered, subscriptions disabled due to Yahoo Mail now requiring DMARC -----------------------------+--------------------- Reporter: ryandesign@… | Owner: admin@… Type: defect | Status: new Priority: High | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: | -----------------------------+--------------------- Comment (by jmr@…): Looks like we may be able to avoid the problem by not inserting anything into the subject or message body, too. -- Ticket URL: <https://trac.macports.org/ticket/49787#comment:3> MacPorts <https://www.macports.org/> Ports system for OS X
#49787: Mailing list messages not delivered, subscriptions disabled due to Yahoo Mail now requiring DMARC -----------------------------+--------------------- Reporter: ryandesign@… | Owner: admin@… Type: defect | Status: new Priority: High | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: | -----------------------------+--------------------- Comment (by cal@…): I agree, that's what I would have done as well. We can still add the List header to allow people to filter the mails. The message body may actually be modified, depending on which fields the DMARC signature covers. -- Ticket URL: <https://trac.macports.org/ticket/49787#comment:4> MacPorts <https://www.macports.org/> Ports system for OS X
#49787: Mailing list messages not delivered, subscriptions disabled due to Yahoo Mail now requiring DMARC -----------------------------+--------------------- Reporter: ryandesign@… | Owner: admin@… Type: defect | Status: new Priority: High | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: | -----------------------------+--------------------- Comment (by jmr@…): Can we just turn off subject line tagging and footers for now? -- Ticket URL: <https://trac.macports.org/ticket/49787#comment:7> MacPorts <https://www.macports.org/> Ports system for OS X
#49787: Mailing list messages not delivered, subscriptions disabled due to Yahoo Mail now requiring DMARC -----------------------------+--------------------- Reporter: ryandesign@… | Owner: admin@… Type: defect | Status: new Priority: High | Milestone: Component: server/hosting | Version: Resolution: | Keywords: Port: | -----------------------------+--------------------- Comment (by raimue@…): Subject lines are only changed for macports-mgr, which would be low- priority anyway. Turning off footers for macports-users and macports-dev should be harmless and immediately fix the problem for subscribers with a strict DMARC policy. For longterm, the Mailman 2.1.16 proposal to edit the From header with a "via the list" string and adding a Reply-To header does not seem very nice to me, but I trust the Mailman developers that there is no better solution than that. -- Ticket URL: <https://trac.macports.org/ticket/49787#comment:8> MacPorts <https://www.macports.org/> Ports system for OS X
participants (1)
-
MacPorts