Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DMARC, Yahoo and mailing lists

From: Walter Moore <moorewr () ECKERD EDU>
Date: Thu, 19 Jun 2014 10:51:43 -0400
We feel your pain. One set of mailing lists in particular has a large group
of AOL and yahoo users, and was greatly impacted. We dealt with the
situation in the short-term by using the option to remove the sender's
mailing address for one of those lists. This of course caused new problems
with senders not identifying themselves, so it was purely a temporary
measure.

If anyone started converted from a packaged mailman (RHEL in our case) to
one they compiled I'd be curious to hear about your process. We have ours
ready to go but had some outside factors that made us delay the switch.

In our case we think will build the new version to use the same locations
as the RHEL package:
'./configure'  '--prefix=/usr/lib/mailman'
'--localstatedir=/var/lib/mailman' '--sharedstatedir=/var/lib/mailman'
'--with-urlhost=[fqdn]'


On Wed, Jun 18, 2014 at 8:11 PM, Andrew Daviel <advax () triumf ca> wrote:


Has anyone had problems with Yahoo email users and mailing lists since
April, and if so what did you do about it ?

http://blog.threadable.com/how-threadable-solved-the-dmarc-problem

Apparently there's a patch available for mailman, but I haven't tried it
yet.


I hadn't been made aware of any mailing list problems here, but now I
start looking into it with some test accounts, it seems I cannot send a
message via mailman from a yahoo account to another yahoo account, or from
a yahoo account to a hotmail account. Not just being filtered as spam, but
actually getting an SMTP rejection.


When I check, I see that at least the following now have "reject" DMARC
records:
facebook.com
linkedin.com
paypal.com
yahoo.com
twitter.com

viz. DNS TXT records for xxx.tld, e.g. "host -t txt _dmarc.yahoo.com"
or "dig +short -t txt _dmarc.twitter.com"

This probably has implications for Unix-style mail forwarding, too -
forwarded linkedin and facebook notifications may fail if the target domain
implements DMARC filtering.


--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)





-- 
+-----------------------------------------------------------------+
Walter R. Moore --  Sr. Systems Administrator, Eckerd College
moorewr () eckerd edu --  http://home.eckerd.edu/~moorewr

"It was glorious to see -- if your heart were iron,
And you could keep from grieving at all the pain" - The Iliad (13.355)

I'm on twitter: http://twitter.com/moorewreckerd

***Reminder! ITS will never ask you to e-mail your password!***
Previous By Date Next
Previous By Thread Next

Current thread: