[kwlug-disc] Confirmation of meeting announcement

Sun Apr 3 02:13:16 EDT 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul wrote:
> do not think that there is much we can do to fix this situation 
> without throwing all of our Yahoo members under the bus.

It is Yahoo which is throwing its own users under that bus, not KWLUG,
because Yahoo is implementing a policy non-conformant with SMTP mail
standards[1]. Mis-identifying mail as spam ("false positives") is wrong.
Silently dropping mail is wrong. There is no requirement to use DKIM,
SPF or DMARC, but those other mail companies that do implement those
techniques properly do not incur the failure to deliver mailing list
mail as Yahoo does.

B.S. wrote:
> OTOH, if it's DKIM that's 'breaking', presumably the irritant is 
> going to increase as more and more providers adopt stricter rules. 
> This isn't going to be limited to yahoo.

Other companies have already implemented DKIM and SPF, and set up
their policies to identify flagged mail but not drop it silently. See
Paul's comment that Google Mail issues the message "Why is this
message in Spam? It has an address from yahoo.ca but fails yahoo.ca's
required tests for authentication."

Problems with DMARC (and DKIM) and mailing lists were known when those
protocols were designed[2], and Google Mail and Hotmail seem to have
overcome them. Yahoo doesn't seem to care.

- --Bob.

[1] RFC5321 Section 2.1: "The responsibility of an SMTP client is to
transfer mail messages to one or more SMTP servers, or report its
failure to do so." https://tools.ietf.org/html/rfc5321#section-2.1

[2] RFC7489 Section 10.5: "Additional DMARC constraints occur when a
message is processed by some Mediators, such as mailing lists.
Transiting a Mediator often causes either the authentication to fail
or Identifier Alignment to be lost.  These transformations may conform
to standards but will still prevent a DMARC 'pass'."
https://tools.ietf.org/html/rfc7489#section-10.5

On 2016-04-02 06:57 PM, Khalid Baheyeldin via kwlug-disc wrote:
> Yes.
> 
> That is what I am seeing too.
> 
> Basically, the Drupal contact form puts From: to be the address of
>  whomever has filled the form. But the email is being sent from the
>  specific server, which is not a Yahoo mail server. Hence the email
> is rejected.
> 
> On Sat, Apr 2, 2016 at 6:39 PM, Bob Jonkman via kwlug-disc 
> <kwlug-disc at kwlug.org> wrote: I think Yahoo is rejecting mailing 
> list messages that originate from @yahoo.* addresses.  So Yahoo 
> users don't see their own messages, or any other messages from
> other Yahoo originators. The rest of us have no problem.
> 
> Yahoo has implemented DMARC, which tries to verify that the address
>  headers are all consistent. But on a mailing list the message
> sender is the mailing list (kwlug-disc-bounces at kwlug.org), the
> server delivering the message is from CCj/Clearline, and the
> originator's "From" address could be somebody at yahoo.com.  DMARC
> throws a hissy fit, and Yahoo mail discards the incoming message
> because it looks spoofed.
> 
> My guess is that Yahoo raised the rejection threshold by another 
> notch in the last few weeks, resulting in problems for their users
>  who use mailing lists.
> 
> 
> Christopher Browne from the GTALUG mailing list conveniently
> supplied this link:
> 
> http://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-breaks-mailing-lists.html
>
>
>
> 
Seems Yahoo mail users on GTALUG are equally affected.
> 
> My advice? Stop using Yahoo mail.
> 
> --Bob.
> 
> 
> 
>> 
>> 
>> _______________________________________________ kwlug-disc
>> mailing list kwlug-disc at kwlug.org 
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>> 
> 
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Ensure confidentiality, authenticity, non-repudiability

iEYEARECAAYFAlcAtHoACgkQuRKJsNLM5eosWwCeI2PT4mYnqDX/FVgyAxYl0X4W
KIwAn3yhePNrm8WDXUuj+veKZid2vT5F
=zslV
-----END PGP SIGNATURE-----