SpamCop 98 Posted April 30, 2014 Share Posted April 30, 2014 I just saw a couple complaints over in the latest sc outage thread say folks are not getting email messages sent through Listserv, Mailman and other "email forum" software. email_support addressed the issue for paid email users here. The problem is new draconian DMARC settings. Yahoo! was the first to set a "reject" status at the beginning of this month if the domain does not match the source by either DKIM or SPF. Google: Yahoo Breaks Every Mailing List In The World. AOL has now followed suit. I am especially upset with Comcast because they claim best practices but are not publishing their DMARC status. I feel it is not Comcast's business what mail I receive. What's next, blocking phone calls on their VOIP network? I don't know about Listserv, but Mailman has a solution, though it is not ideal as the "From" header now must be the domain the list comes from, not the actual sender, so all participants must identify themselves. The fix is to 1) make sure the domain under which your Mailman list operates has DKIM or SPF set up, and 2) you are using the latest version of Mailman (my hosting provider has 2.1, it looks like 2.16 and beyond address the "anonymous sender" issue). Link to comment Share on other sites More sharing options...
DavidT Posted April 30, 2014 Share Posted April 30, 2014 Thanks for the warning on this--I manage a number of Mailman lists for nonprofits I'm involved with, and we have a few AOL and Yahoo addresses both sending to and receiving from the lists. DT Link to comment Share on other sites More sharing options...
davecb@spamcop.net Posted May 6, 2014 Share Posted May 6, 2014 Just FYI, I'm now getting spam with proper DKIM (DMARC) headers, such as From - Tue May 06 09:48:23 2014 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=DKIM1; d=surepays.biz; h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; i=postmaster[at]surepays.biz; bh=ugh6/2lwABu45cirXV1N2M/+peE=; b=FBPFUOjoX3L5JPvmjZG4tf4M/C5umMVUrKso+panJDwk4asI3tcCRY4Z4JYMI7aIan6APzhCiBN9 vnSu+mvviRfQJunq3DkUXy6eaGyPttvPprQCVUNl1wLshMOPSvwFx9oSd0pFgkFHgCix7sMOCRKu iuZDHQYyjcxIBrb+1D8= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=DKIM1; d=surepays.biz; b=ILcsO4H3KJyI3B/3WXREaX0TGmsRpLV0DvLh6Ynpd3xBpTzmCkLQV5GbEOLQIRwM+CKq95bK7zLp 1yQP6RKd/1XauIHuC8oCKQvW4GHG4nE8bNySCGBNQLBy2+nzgSvOt1CM3wLNJM0I65DFH3fV3klc Mm4u3ZNP9R4XYAlD4Cs=; The Yahoo change was the weekend of April 12th The workaround was seen the following Monday, The first forged headers were seen on May 2, sent via a Google Groups bug It's now May 6 Link to comment Share on other sites More sharing options...
DavidT Posted May 6, 2014 Share Posted May 6, 2014 An update for those of you who administer Mailman lists: they have released v2.18 which has some new options to deal with the DMARC issue, and the devs at cPanel are apparently working to include it into WHM/cPanel ASAP (my VPS, running 11.42.1 Build 13 has Mailman 2.17). DT Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.