DMARC Mitigation for UNH Community Mailing Lists
In the spring of 2014, Yahoo implemented a stricter email validation policy for their email users. The mechanics of this policy, called DMARC, have caused problems with virtually all Internet sites that host conventional discussion mailing lists. A description of this change, and its impact on email lists as a whole, can be found in this "PCWorld" article.
This document describes this issue as it relates to UNH community mailing lists using Mailman and other mass mailing mechanisms. For those interested, we also provide additional references about DMARC and its Internet-wide impact on the operation of traditional Internet email discussion lists. If you have questions or comments about this document, or mailing lists in general, please contact the UNH Mailing List Server Admins at List.Admin@unh.edu.
To briefly summarize the issue, when any email user posts to a typical Internet email discussion list, the message is modified using long-standing email list conventions. But when the sender is using a Yahoo email return address, this modification causes the message to be undeliverable to other subscribers on the list who receive their email via Yahoo, Comcast, AOL, and perhaps other email service providers.
The Mailman mailing list software provides features to mitigate the problems caused by this new anti-spam email handling regime. It is up to individual UNH list owners to determine if their list is impacted by this issue and to turn on the Mailman DMARC mitigation features, since these features will make some fundamental changes in how the list operates. Be aware that there is no solution that can be implemented that will fully restore the original behavior of the affected lists. Yahoo has broken the functionality of traditional Internet email discussion lists.
Mailman DMARC Mitigation
In the simplest terms, the Mailman solution to DMARC is to take over ownership of the email message. Normally, a posting to a discussion list will look something like this:
    From: Chris Pike <email@example.com>
    To: The GBC Forum <firstname.lastname@example.org>
    Subject: [GBC] More details on next Saturday's outing
As originally formatted, this message is no longer deliverable to other Yahoo subscribers, or to Comcast or AOL subscribers, because the message has been modified from the original as sent by Chris. The Mailman solution is to rewrite the "From:" address so that it no longer appears to be from Chris' email address.
    From: "cpike_242 (AT) yahoo.com" <GREAT.BAY.CYCLERS@lists.unh.edu>
    To: Great Bay Cyclers <email@example.com>
    Subject: [GBC] More details on next Saturday's outing
The recommendation for Yahoo subscribers would be to include their name and email address as part of their message signature so that other subscribers will both know who the message is from and will be able to more easily contact that poster off-list if desired.
The following describes what happens when a message is posted from a Yahoo email user to a typical discussion format mailing list. Note that this scenario is not unique to UNH hosted mailing lists.
The message author, a subscriber to the list, composes a posting and sends it to the list from their Yahoo account.
Yahoo 'signs' the message with a DomainKeys Identified Mail (DKIM) signature. As part of its email policy, Yahoo indicates to any receivers that check DKIM signatures that if the message does not appear to be authentic, the receiving system should REJECT the message.
The message arrives at the Mailing List Server which identifies the message as being from a valid subscriber of the indicated list, based solely on the sender's return address.
The accepted posting is processed such that replies to this posting will go back to the discussion list, not just the original poster. Further, following long-established email mailing list standards, the message is modified so that any non-delivery errors will go back to the list owner, not the original poster.
The modified message is sent to all of the subscribers on the list. However, since the message has been changed, the DKIM signature is no longer valid.
What happens next depends upon the particular email provider. For systems that do not recognize DMARC headers, the message is simply delivered. But for those systems that recognize the DMARC headers (AOL, Comcast, Yahoo, and others), the message is not delivered to the subscriber. Instead it is bounced back to the Mailing List Server as undeliverable. Both the original message poster, and the affected subscribers on the list, are unaware that this message rejection has taken place. (Currently Google's Gmail appears to recognize DMARC headers, but places the message in the subscriber's spam folder, rather than rejecting it.)
The Mailing List Server receives the non-delivery notices and forwards them on to the List Owner.
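The sequence above, together with the "From:" rewrite from the Mailman section, as an added Python example (not Mailman's code and not UNH's): it evaluates DMARC as a receiving system would for a direct post, a list-relayed post, and a list-relayed post after the rewrite. The cpike_242@yahoo.com sender, the DMARC record table standing in for DNS, the two-label organizational-domain shortcut and all function names are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

LIST_ADDRESS = "GREAT.BAY.CYCLERS@lists.unh.edu"  # list address shown on the page
# Constructed stand-in for DNS: the sender's domain publishes a reject policy.
DMARC_RECORDS = {"_dmarc.yahoo.com": "v=DMARC1; p=reject; pct=100"}

def org_domain(domain):
    # Simplification: the last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().split(".")[-2:])

def published_policy(from_domain, records=DMARC_RECORDS):
    """Return the p= value of the domain's DMARC record, or 'none' without one."""
    # Simplification: only the organizational domain's record is consulted.
    txt = records.get("_dmarc." + org_domain(from_domain), "")
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("p", "none") if tags.get("v") == "dmarc1" else "none"

def dmarc_result(msg, spf_domain, dkim_domain, dkim_valid):
    """'pass', or the policy action a DMARC-checking receiver applies to msg.

    spf_domain: envelope-sender domain that passed SPF (None if SPF failed).
    dkim_domain / dkim_valid: the signature's d= domain and whether it verified.
    """
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    want = org_domain(from_domain)
    spf_ok = spf_domain is not None and org_domain(spf_domain) == want
    dkim_ok = dkim_valid and org_domain(dkim_domain) == want
    return "pass" if spf_ok or dkim_ok else published_policy(from_domain)

def munge_from(msg, list_address=LIST_ADDRESS):
    """Rewrite From in the style of the page's second header example."""
    local, _, domain = parseaddr(msg["From"])[1].rpartition("@")
    del msg["From"]
    msg["From"] = formataddr((f"{local} (AT) {domain}", list_address))
    return msg

def post():
    """Constructed posting, modelled on the page's example headers."""
    msg = EmailMessage()
    msg["From"] = "Chris Pike <cpike_242@yahoo.com>"
    msg["Subject"] = "[GBC] More details on next Saturday's outing"
    return msg
```

Calling `dmarc_result(post(), "lists.unh.edu", "yahoo.com", False)` models the relayed posting: the envelope sender now belongs to the list and the signature no longer verifies, so the sender's published policy decides the outcome.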
At this point it is only the List Owner that knows that the posting was not delivered to a certain set of subscribers. Part of the error message includes a URL that points to a web page explaining the policy for why the message was rejected. For reference, here are the URLs from three commercial ISPs.
Note that as part of the mailing list non-delivery reporting process, UNH IT scans these bounced messages for these links as a way of detecting newly impacted UNH mailing lists. We only notify list owners who have lists that are impacted. Fortunately, so far, this has been a very small number of lists, but we expect the impact will grow over time.
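One way such a bounce scan could work, as an added Python example rather than UNH IT's actual tooling: it groups policy rejections by list and reports lists not seen before. It assumes Mailman VERP-style bounce addresses are in use; the policy URL prefixes, the sample bounces and all names are constructed placeholders, since the ISP links are not reproduced here.

```python
import re
from collections import defaultdict

# Assumed VERP bounce address: <list>-bounces+<user>=<domain>@<list host>
VERP = re.compile(r"^(?P<list>[^+@]+)-bounces\+(?P<user>[^=@]+)=(?P<domain>[^@]+)@")
URL = re.compile(r"https?://[^\s<>()]+")
# Placeholder policy pages; substitute the links seen in real rejection notices.
POLICY_URL_PREFIXES = (
    "https://postmaster.isp-a.example/dmarc",
    "https://help.isp-b.example/policy",
)

SAMPLE_BOUNCES = [  # constructed: (address the bounce was sent to, diagnostic text)
    ("great.bay.cyclers-bounces+pat=isp-a.example@lists.unh.edu",
     "554 5.7.9 Message not accepted for policy reasons. "
     "See https://postmaster.isp-a.example/dmarc-reject."),
    ("great.bay.cyclers-bounces+lee=isp-b.example@lists.unh.edu",
     "550 5.7.1 rejected, see <https://help.isp-b.example/policy/dmarc>"),
    ("chess.club-bounces+sam=isp-c.example@lists.unh.edu",
     "552 5.2.2 Mailbox full"),
]

def dmarc_bounces(bounces):
    """Map list name -> subscriber domains that rejected a post for policy reasons."""
    hits = defaultdict(set)
    for rcpt, text in bounces:
        verp = VERP.match(rcpt.lower())
        if verp is None:
            continue  # not a VERP bounce address, cannot attribute it to a list
        urls = [u.rstrip(".,;").lower() for u in URL.findall(text)]
        if any(u.startswith(POLICY_URL_PREFIXES) for u in urls):
            hits[verp["list"]].add(verp["domain"])
    return dict(hits)

def newly_impacted(bounces, known_lists):
    """Lists with policy rejections that are not already known to be affected."""
    return sorted(set(dmarc_bounces(bounces)) - set(known_lists))
```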
Other References About DMARC
An informative list of articles about DMARC including how Google Groups is dealing with the Yahoo changes.
While not ideal, the Mailman DMARC mitigation approach retains as much as possible of the discussion list behavior for subscribers. For those interested, more detailed information about DMARC and Mailman is available. Questions and comments are also welcomed by the UNH Mailing List Admins (List.Admin@unh.edu).