Re: DMARC, Yahoo and mailing lists

[Roger A Safian <r-safian () NORTHWESTERN EDU>]

We applied the patch on May 1st...so far no problems.  Here's what we had sent out to our community:

NUIT has applied a patch to the Listserv system that remedies the problem described below for Listserv users. All 
@yahoo/@aol email posting has been restored to NU Listserv.
****IMPORTANT - NU Listserv List Owners. See NU Listserv Response section.**** 
Northwestern University Information Technology (NUIT) and other email service providers have identified some disruption 
of communications due to Yahoo and AOL's implementation of a new DMARC, or Domain-based Message Authentication, 
Reporting & Conformance policy. Yahoo and AOL have reported that these changes to their systems are intended to reduce 
email fraud, and are beyond the control of the University.
Impact on End User
This change can affect anyone sending or receiving email from @yahoo.com or @aol.com. Messages sent from these email 
providers may not be delivered if the intended recipient is forwarding their email through a rule on their mailbox; a 
distribution list; a listserv application; or other application.
NUIT will continue to work with Yahoo and AOL in an effort to remove these service barriers.
Northwestern Provided Email Services
Northwestern University provides email services to faculty, staff, and students that are designed to provide stable and 
reliable email delivery. In the event you are forwarding your University provided account to an alternate email service 
provider we recommend you remove the forwarding rule to allow messages from yahoo.com and aol.com to be delivered to 
you.
Northwestern Listserv Response
To provide timely delivery of messages to the University community we have taken steps to transition the affected email 
addresses to "read-only mode" within the University Listserv application. If you are currently subscribed to a 
University listserv and wish to post messages, please subscribe with a non-Yahoo or AOL email address.
For more information NUIT has posted a What's New & Changing page on our website: 
www.it.northwestern.edu/transitions/2014/Yahoo-DMARC.html
Please communicate as appropriate to your list. 


> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Andrew Daviel
> Sent: Wednesday, June 18, 2014 7:11 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] DMARC, Yahoo and mailing lists
>
> Has anyone had problems with Yahoo email users and mailing lists since April,
> and if so what did you do about it ?
>
> http://blog.threadable.com/how-threadable-solved-the-dmarc-problem
>
> Apparently there's a patch available for mailman, but I haven't tried it yet.
>
>
> I hadn't been made aware of any mailing list problems here, but now I start
> looking into it with some test accounts, it seems I cannot send a message via
> mailman from a yahoo account to another yahoo account, or from a yahoo
> account to a hotmail account. Not just being filtered as spam, but actually
> getting an SMTP rejection.
>
>
> When I check, I see that at least the following now have "reject" DMARC
> records:
> facebook.com
> linkedin.com
> paypal.com
> yahoo.com
> twitter.com
>
> viz. DNS TXT records for xxx.tld, e.g. "host -t txt _dmarc.yahoo.com"
> or "dig +short -t txt _dmarc.twitter.com"
>
> This probably has implications for Unix-style mail forwarding, too - forwarded
> linkedin and facebook notifications may fail if the target domain implements
> DMARC filtering.
>
>
> --
> Andrew Daviel, TRIUMF, Canada
> Tel. +1 (604) 222-7376  (Pacific Time)