[Discuss] DMARC issue, Yahoo and beyond

John Abreau jabr at blu.org
Thu May 29 12:18:24 EDT 2014 

Of course, if Jerry can narrow down the dependencies enough, maybe he'll
find a way to install them in a silo without breaking anything else. If he
can do that, then we can address the issue sooner.

That will still involve a lot of testing, so it won't be an immediate fix.



On Thu, May 29, 2014 at 12:08 PM, John Abreau <jabr at blu.org> wrote:

> There's no downside? I think you're assuming too much.
>
> Jerry emailed me this morning to tell me that he can't upgrade Mailman
> without first upgrading its dependencies, including python, and those
> upgrades would likely break the OS, as it's gotten fairly old.
>
> We're currently waiting on Earthlink to provide VMs to replace our
> physical servers, and when they eventually provision them, we'll migrate
> everything off the old servers and onto VMs running a current OS release.
>
> The VM running the new mail server will have the newest Mailman release,
> so addressing the dmark issue at that time should be simple and
> straightforward. Addressing it immediately would involve purchasing new
> server hardware and building a new mail server, which we'd then be phasing
> out when the VMs become available.
>
> Also, the BLU server hardware has traditionally been donated, so spending
> a lot of money on a new server would be a significant burden.
>
> I'd argue that this burden can reasonably be described as a large
> downside.
>
>
>
>
> On Thu, May 29, 2014 at 10:35 AM, Edward Ned Harvey (blu) <
> blu at nedharvey.com> wrote:
>
>> > From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
>> > bounces+blu=nedharvey.com at blu.org] On Behalf Of Bill Horne
>> >
>> > > I think you mean to say, nothing special is done.
>> >
>> > That's not necessarily a bad thing. If Yahoo is a stalking horse for
>> > GooHotMess, the Yahoo execs may be looking to see how many email
>> > admins
>> > knuckle under and feed their fantasy of total control.
>>
>> Did you even read the rest?  I'm in shock to hear so many heads buried in
>> the sand.  Ignoring them does NOT hurt yahoo in any way.  Ignoring them
>> hurts everyone else.
>>
>> If somebody posts to the list using a dmarc policy of reject, *you* will
>> be unsubscribed from the list instead of them, because *your* email address
>> is the one that will bounce.  Not theirs.  Read the rest of the message.
>>  Quoted below for your convenience.
>>
>> There's a really simple straightforward fix that literally has no impact
>> on the rest of us; it has all upside and no downside.  Only users posting
>> from an address with a reject or quarantine policy will have their from
>> address munged.  Which makes the list safe for everyone else.
>>
>>
>> > From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
>> > bounces+blu=nedharvey.com at blu.org] On Behalf Of Edward Ned Harvey
>> >
>> > I think you mean to say, nothing special is done.  Which means, if
>> anybody
>> > posts to the list from a yahoo address (or any domain where dmarc is
>> set to
>> > reject or quarantine) then any recipients on google, microsoft, or other
>> > domains where sender dmarc policy is honored, will bounce.  And the end
>> > result is, anybody sends from Yahoo will result in *other* people
>> getting
>> > unsubscribed from the list because their mail bounces.
>> >
>> > The official mailman suggestion, created specifically for this purpose,
>> is to set
>> > from_is_list = no, and set dmark_moderation_action = munge.
>> >
>> > This way, all the users currently using the list experience no change.
>>  You and
>> > I post to the list, and it goes through same as always.
>> >
>> > But somebody posts to the list from a domain where dmarc policy is
>> reject or
>> > quarantine, their from address will be munged, so it's safe for
>> everyone else
>> > to receive it.
>> _______________________________________________
>> Discuss mailing list
>> Discuss at blu.org
>> http://lists.blu.org/mailman/listinfo/discuss
>>
>
>
>
> --
> John Abreau / Executive Director, Boston Linux & Unix
> Email jabr at blu.org / WWW http://www.abreau.net / 2013 PGP-Key-ID
> 0x920063C6
> 2013 / ID 0x920063C6 / FP A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200
> 63C6
> 2011 / ID 0x32A492D8 / FP 7834 AEC2 EFA3 565C A4B6  9BA4 0ACB AD85 32A4
> 92D8
>



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email jabr at blu.org / WWW http://www.abreau.net / 2013 PGP-Key-ID 0x920063C6
2013 / ID 0x920063C6 / FP A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6
2011 / ID 0x32A492D8 / FP 7834 AEC2 EFA3 565C A4B6  9BA4 0ACB AD85 32A4 92D8

More information about the Discuss mailing list