[obol] IMPORTANT WORD from the Moderators, please do not ignore!
- From: DJ Lauten and KACastelein <deweysage@xxxxxxxxxxxx>
- To: OBOL <obol@xxxxxxxxxxxxx>
- Date: Sun, 13 Apr 2014 12:30:07 -0700
Hello folks,
We apologize for this notice and the potential outcomes, but we are
doing our best to deal with a difficult technical situation.
Along with all other listservs across the world, OBOL has been affected
by a recent change in security from Yahoo. OBOL moderators have been
scrambling to take care of members getting bounced and to come up with a
fix.
A good explanation from slashdot.com <http://slashdot.com> is copied
below, if you are interested in reading more about what is going on. You
can also google Yahoo DMARC.
Unfortunately, everything we have read and been told by experts is that
this security change within Yahoo is "breaking mailing lists all over
the world" and the only solution is to ban Yahoo users from joining the
list, and to ask them to sign up with another email address such as gmail.
If you notice that you suddenly stop receiving emails from OBOL or that
your posts are not appearing, please contact us right away.
If you are subscribed to OBOL using a Yahoo address, please contact us
right away.
In the next few days, we will be trying to contact all of our Yahoo
users and discuss options with them.
If your have a msn or comcast account, you may also have been effected
BUT it is not an msn and comcast problem so there should be no need to
make any changes if you use those services. The change is yahoo has
caused problems with these service providers also.
Please remember this is not something the moderators have control over,
and we are trying our best to find solutions. Please be patient with us!
Thanks
OBOL Moderators
On April 8, Yahoo implemented a new DMARC policy that essentially bars
any Yahoo user from accessing mailing lists hosted anywhere except on
Yahoo and Google. While Yahoo is the initiator, it also affects Comcast,
AT&T, Rogers, SBCGlobal, and several other ISPs.
Internet Engineering Council expert John R. Levine, a specialist in
email infrastructure and spam filtering, said, 'Yahoo breaks every
mailing list in the world including the IETF's
<http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html>' on
the Internet Engineering Task Force (IETF) list.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is
a two-year-old proposed standard that is intended to curb email abuse,
including spoofing and phishing. Unfortunately, as implemented by Yahoo,
it claims most mailing list users as collateral damage. Messages posted
to mailing lists (including listserv, mailman, majordomo, etc) by Yahoo
subscribers are blocked when the list forwards them to other Yahoo (and
other participating ISPs) subscribers. List members not using Yahoo or
its partners are not affected and will receive posts from Yahoo users.
Posts from non-Yahoo users are delivered to Yahoo members. So
essentially those suffering the most are Yahoo's (and Comcast's, and
AT&T's, etc) own customers. Their best proposed solution is to ban Yahoo
email users from mailing lists and encourage them to switch to other ISPs."
“I noticed this because I got a blizzard of bounces from my church
mailing list, when a subscriber sent a message from her yahoo.com
<http://yahoo.com> account, and the list got a whole bunch of rejections
from Gmail, Hotmail, Comcast, and Yahoo itself. This is definitely a
DMARC problem, the bounces say so,” says Levine.
This weakness in the mailing lists is not just restricted to only the
Yahoo! subscribers, in fact the subscribers at Gmail, Hotmail, Comcast
etc are also facing it. There are a number of different bounces that
people are reporting due to Yahoo publishing a DMARC record of p=reject.
“Since Yahoo mail provokes bounces from lots of other mail systems,
innocent subscribers at Gmail, Hotmail, etc. not only won't get Yahoo
subscribers' messages, but all those bounces are likely to bounce them
off the lists,” Levin says, adding, “A few years back we had a similar
problem due to an overstrict implementation of DKIM ADSP, but in this
case, DMARC is doing what Yahoo is telling it to do.
”*HOW TO KEEP YOUR 'MAILING LIST' UP!*
Levine offers three suggestions for people who run mailing lists or
other mail software that might legitimately pass on a yahoo.com
<http://yahoo.com> message, to improve the condition:
* Suspend posting permission of all yahoo.com <http://yahoo.com>
addresses, to limit damage
* Tell Yahoo users to get a new mail account somewhere else, pronto,
if they want to continue using mailing lists
* If you know people at Yahoo, ask if perhaps this wasn't such a good
idea.
It might sound like a perfectly reasonable security measure, Yahoo
should consider reversing the change.
Other related posts:
