[Mailman-Users] DMARC issues

Mark Sapiro mark at msapiro.net
Sat Apr 12 13:28:34 CEST 2014 

On 04/12/2014 02:59 AM, Peter Shute wrote:
>> On 12 Apr 2014, at 11:53 am, "Mark Sapiro" <mark at msapiro.net> wrote:

>> bounce_you_are_disabled_warnings = 3 = 7
> 
> Thanks for those. Is the last one a typo? Otherwise, what does =3=7 mean?


It was supposed to say

bounce_you_are_disabled_warnings = 3
bounce_you_are_disabled_warnings_interval = 7


> With these settings, and address will have to bounce on 5 days, with no breaks of 7 days or more before being disabled?


Correct.


> After they're disabled, they get a warning email every bounce_you_are_disabled_warnings_interval days, correct? What's the default for that, please? 


7 days, the bit that got dropped above.


> And then after bounce_you_are_disabled_warnings of these, they're actually unsubscribed?


Yes.


>>> Am I right in thinking that if we make these values high enough, we'll see no accounts disabled, and the only side effects will be more bounces and yahoo mail won't get through? Would this be an acceptable solution for a list with only 1000 members and low traffic, assuming we warn the yahoo members to use a different address?
>>
>>
>> Just turn off bounce processing for the list. See the FAQ at
>> <http://wiki.list.org/x/ggARAQ>.
> 
> That should work for us for now, but won't we have a growing load of bounces as time goes by? I was thinking it might be better to get rid of those addresses that are permanently bouncing every message, even if we take longer to do it than before.


Yes, those are the tradeoffs you need to consider.


>> Additional reading at <http://www.dmarc.org/faq.html#s_3>,
>> <http://blog.threadable.com/how-threadable-solved-the-dmarc-problem> and
>> <http://www.spamresource.com/2014/04/run-email-discussion-list-heres-how-to.html>
>> and other articles linked from those.
> 
> From the threadable article:
> “He recommends that all list administrators immediately stop delivering to Yahoo addresses to limit damage, and encourage members to move to a more friendly provider."
> 
> How would not delivering to yahoo addresses help? I thought the problem was with delivering yahoo email to others.


See Jim P's post in this thread at
<https://mail.python.org/pipermail/mailman-users/2014-April/076383.html>
and the branch linked therefrom, although you probably don't have the
access required to install it.

Jim P's approach is to reject any post From: a domain with a DMARC
policy of reject.

To accept a post and then not deliver it to some because you know it
won't be accepted is arguably wrong, and also, you can't know except by
experience which recipient domains will reject the post for DMARC
policy. I've seen the following:

aol.com
att.net
comcast.net
compuserve.com
hotmail.com
msn.com
netscape.net
pacbell.net
sbcglobal.net
yahoo.com

and a buisiness domain hosted by Yahoo.


> And I'm wondering about asking people to move off yahoo. We might have to do that, but what happens if they go to the trouble of getting a gmail account, and then google starts doing the same thing? They're not going to be happy.


It remains to be seen if DMARC becomes more widely adopted or dies, See
Rich K's post in this thread at
<https://mail.python.org/pipermail/mailman-users/2014-April/076392.html>. So
far, Gmail/Googlemail is not honoring DMARC policy.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list