[sf-lug] REQUEST FOR HELP: Fwd: Mail delivery failed: returning message to sender

Rick Moen rick at linuxmafia.com
Sun Apr 26 17:25:49 PDT 2020


Quoting Jim Stockford (jim at well.com):

> I got several email messages from the SF-LUG email server
> noting that a number of subscribers have been fatally dropped.
> Attached to each email was the email message down below.
> 
> Note that every user has a YAHOO account and there is the
> following reference for each user:
> 
>         See https://help.yahoo.com/kb/postmaster/SLN7253.html
> 
> The short story is that Yahoo's DNS policies are rejecting
> emails sent from the SF-LUG server along the lines that
> the Yahoo DNS policies do not recognize the SF-LUG server's
> domain as valid.

Short story:  Yahoo is breaking mailing list mail using an overly
aggressive implementation of their 'DMARC' antiforgery method.

Long story:  Yahoo Mail implements a particularly pathological
implementation of DMARC that is mailing list-hostile.  All mailing list
software is having a difficult time dealing with that.  If my server
were running a much more recent version of GNU Mailman, it would be
possible to enable a mitigation technique that does an ugly header
rewrite ('munging' the From: header) selectively on mail arriving at
Mailman from domains with overly aggressive DMARC policies declared in
their DNS (as does domain yahoo.com, yahoo.co.in, etc.) 

In fact, this overly aggressive policy hurts not only the posters
sending mail from domain yahoo.com (and yahoo.co.in, etc.), but also other subscribers whose
MTAs implement the yahoo.com (etc.) policy to verify authenticity of mail
looped through the mailing list.  Example:

joeuser at yahoo.com is subscribed to sf-lug at linuxmafia.com, and posts.  
This mail arrives at linuxmafia.com and is handed off to Mailman, which
then remails copies to all subscribers including janeuser at gmail.com .
Gmail.com's MTA (SMTP server) receives janeuser's subscriber copy of
joeuser's post and tests it against claimed sending domain yahoo.com's 
DMARC antiforgery policy, which is so strict that mail routed through a
non-yahoo.com mailing list tests as 'forged' upon arrival at GMail.
GMail duly refuses delivery of janeuser's copy, which results in a
non-delivery notification back to linuxmafia.com, which notifies
Mailman, which increments the 'bounce score' for subscriber janeuser.
If this cycle repeats too frequently, then janeuser's subscription gets
delivery disabled on grounds of too high a bounce score.  (Eventually,
such subscribers can get dropped.)  So, janeuser gets hurt by Yahoo's
DMARC policy even though janeuser isn't even a Yahoo user.


Since for the time being I am stuck on the version of Mailman my server
runs, that kludge (mitigation of the DMARC disaster) is unavailable to
me.  I will not be able to run a more-recent Mailman version until after
a successful total migration of linuxmafia.com to new hardware and
software (which I will do when I find time, which will be when I'm
damned good and ready for a long and exhausting project).

Short of that, I can only suggest that people ought not to use mail
domains run by people who publish overly aggressive DMARC policies.

Yahoo was the developer of DKIM, so naturally their implementation of it
is overly aggressive, pathological, and famous for breaking mail
delivery through even standards-compliant forwarders such as mailing
list software.  Therefore, asking them to please cease implementing
their badly designed anti-forgery system isn't likely to have useful
results:  They know they implemented something that breaks a lot of
mail, and they don't care.

There are _way_ better free-of-charge webmail providers than Yahoo Mail.
The smart solution for users is to stop using it.  

But you'd like a magic wand that makes the problem Yahoo created go
away.  Unfortunately, there isn't one.


Meanwhile, it would have been very useful if you as listadmin had
bothered to uncheck the 'nomail' column entries with letter 'B' 
(meaning 'mail delivery disabled on account of too high a bounce
score') in the membership list page.  I notice you didn't bother, so
I've done that work.

Would you mind please bothering in the future?  Thanks.

The reason I had to add myself as a listadmin was that I discovered
after a few years that you were failing to do the job, and subscribers
were having various problems to which you as listadmin were completely
oblivious.  It would be nice if you were to step up to the plate, Jim.
I'm not supposed to have to do that job.  You were supposed to.  It was 
a condition you agreed to when I said I was willing to give SF-LUG a
hand and give it replacement mailing list hosting in 2005 when the group
suffered that total loss of its mailing list setup that you've never
been willing to explain (like, what happened, and why were there no
backups)?
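
Added example, not part of the original post and not Mailman's own code: a Python sketch of the joeuser/janeuser cycle described above, showing why the remailed copy fails the DMARC check at the subscriber's MTA and why rewriting From: for strict-policy domains lets it pass. The DMARC records are constructed samples, the function names are hypothetical, alignment is simplified to a same-domain-or-subdomain test, and the sketch assumes the poster's original DKIM signature no longer verifies after the list has modified the message.

```python
# Constructed sample data: stand-ins for the TXT records at _dmarc.<domain>.
SAMPLE_DMARC = {
    "yahoo.com": "v=DMARC1; p=reject; pct=100",
    "example.org": "v=DMARC1; p=none",
}
LIST_ADDR = "sf-lug@linuxmafia.com"

def parse_dmarc(txt):
    """Parse 'v=DMARC1; p=reject; ...' into a tag dict; {} if not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else {}

def policy_for(domain):
    """Published policy for a domain; 'none' when no record is found."""
    return parse_dmarc(SAMPLE_DMARC.get(domain.lower(), "")).get("p", "none").lower()

def aligned(a, b):
    """Simplified relaxed alignment (assumption): same domain or a subdomain."""
    a, b = a.lower(), b.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def receiver_verdict(from_addr, spf_domain, dkim_domain):
    """Decision at the subscriber's MTA for one remailed copy.
    spf_domain: envelope-sender domain that passed SPF, or None.
    dkim_domain: d= of a signature that still verifies, or None."""
    from_domain = from_addr.rsplit("@", 1)[1]
    if any(d and aligned(from_domain, d) for d in (spf_domain, dkim_domain)):
        return "deliver"
    policy = policy_for(from_domain)
    return policy if policy in ("reject", "quarantine") else "deliver"

def munge_from(name, from_addr):
    """Rewrite From: only for posters whose domain publishes a strict policy.
    Returns (display name, From: address, Reply-To: address or None)."""
    if policy_for(from_addr.rsplit("@", 1)[1]) in ("reject", "quarantine"):
        return (name + " via sf-lug", LIST_ADDR, from_addr)
    return (name, from_addr, None)

if __name__ == "__main__":
    # The list remails with its own envelope sender, so SPF passes only
    # for linuxmafia.com; the poster's DKIM signature is assumed broken.
    print(receiver_verdict("joeuser@yahoo.com", "linuxmafia.com", None))
    display, new_from, reply_to = munge_from("Joe User", "joeuser@yahoo.com")
    print(display, new_from, reply_to)
    print(receiver_verdict(new_from, "linuxmafia.com", None))
```

Each "reject" verdict in the first case corresponds to one bounce counted against the receiving subscriber, which is how a non-Yahoo subscriber ends up with delivery disabled.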



