Sign in to follow this  
Followers 0
SpamCop 98

DMARC breaking email forums

4 posts in this topic

I just saw a couple complaints over in the latest sc outage thread say folks are not getting email messages sent through Listserv, Mailman and other "email forum" software. email_support addressed the issue for paid email users here.

The problem is new draconian DMARC settings. Yahoo! was the first to set a "reject" status at the beginning of this month if the domain does not match the source by either DKIM or SPF. Google: Yahoo Breaks Every Mailing List In The World. AOL has now followed suit. I am especially upset with Comcast because they claim best practices but are not publishing their DMARC status. I feel it is not Comcast's business what mail I receive. What's next, blocking phone calls on their VOIP network?

I don't know about Listserv, but Mailman has a solution, though it is not ideal as the "From" header now must be the domain the list comes from, not the actual sender, so all participants must identify themselves.

The fix is to 1) make sure the domain under which your Mailman list operates has DKIM or SPF set up, and 2) you are using the latest version of Mailman (my hosting provider has 2.1, it looks like 2.16 and beyond address the "anonymous sender" issue).

Edited by SpamCop 98

Share this post


Link to post
Share on other sites

Thanks for the warning on this--I manage a number of Mailman lists for nonprofits I'm involved with, and we have a few AOL and Yahoo addresses both sending to and receiving from the lists.

DT

Share this post


Link to post
Share on other sites

Just FYI, I'm now getting spam with proper DKIM (DMARC) headers, such as

From - Tue May 06 09:48:23 2014

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=DKIM1; d=surepays.biz;

h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; i=postmaster[at]surepays.biz;

bh=ugh6/2lwABu45cirXV1N2M/+peE=;

b=FBPFUOjoX3L5JPvmjZG4tf4M/C5umMVUrKso+panJDwk4asI3tcCRY4Z4JYMI7aIan6APzhCiBN9

vnSu+mvviRfQJunq3DkUXy6eaGyPttvPprQCVUNl1wLshMOPSvwFx9oSd0pFgkFHgCix7sMOCRKu

iuZDHQYyjcxIBrb+1D8=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=DKIM1; d=surepays.biz;

b=ILcsO4H3KJyI3B/3WXREaX0TGmsRpLV0DvLh6Ynpd3xBpTzmCkLQV5GbEOLQIRwM+CKq95bK7zLp

1yQP6RKd/1XauIHuC8oCKQvW4GHG4nE8bNySCGBNQLBy2+nzgSvOt1CM3wLNJM0I65DFH3fV3klc

Mm4u3ZNP9R4XYAlD4Cs=;

The Yahoo change was the weekend of April 12th

The workaround was seen the following Monday,

The first forged headers were seen on May 2, sent via a Google Groups bug

It's now May 6

Share this post


Link to post
Share on other sites

An update for those of you who administer Mailman lists: they have released v2.18 which has some new options to deal with the DMARC issue, and the devs at cPanel are apparently working to include it into WHM/cPanel ASAP (my VPS, running 11.42.1 Build 13 has Mailman 2.17).

DT

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0