[openssl-users] mailing list registration renewal - clarify bounce errors
levitte at openssl.org
Tue Nov 8 08:19:06 UTC 2016
In message <20161108.083722.982336643109774878.levitte at openssl.org> on Tue, 08 Nov 2016 08:37:22 +0100 (CET), Richard Levitte <levitte at openssl.org> said:
levitte> In message <CADqLbz+3z=ENw9rdJ-3ivd-xa-05-DJ7RGvV4zEUFNq8BxYK2g at mail.gmail.com> on Mon, 7 Nov 2016 21:50:13 +0300, Dmitry Belyavsky <beldmit at gmail.com> said:
levitte> beldmit> Hello Rich,
levitte> beldmit> On Mon, Nov 7, 2016 at 8:34 PM, Salz, Rich <rsalz at akamai.com> wrote:
levitte> beldmit> > I can find no evidence of "excessive bounces .." so I am just
levitte> beldmit> asking here, is
levitte> beldmit> > this a standard clean up of the ML or have you really received
levitte> beldmit> excessive
levitte> beldmit> > bounces from my email address ?
levitte> beldmit> The latter.
levitte> beldmit> We have seen some more reports of this recently, and are
levitte> beldmit> increasing the logging to determine the cause. Interestingly, it's
levitte> beldmit> all from gmail.com addresses.
levitte> beldmit> I confirm the receiving the similar message.
levitte> The issue is called DMARC, and most certainly with a reject policy,
levitte> which basically tells recipients to reject messages that doesn't quite
levitte> appear to come from the originator.
levitte> This is problematic for mailing lists, that kind of act as a middle
levitte> man, and even moreso because rejections end up as bounces to the
levitte> mailing list software, which will end up disabling the bouncing
levitte> address. So in the end, it becomes a story of how users from one
levitte> domain are capable of throw out everyone else that checks their DMARC
levitte> Last time we went through this, we ignored the problem, for reasons I
levitte> cannot remember now. I'll have a closer look at what mailman can
levitte> offer and get back to you.
So, I changed this mailing list to munge the From: header of any
message coming from a domain that has a DMARC reject or quarantine
policy. That should avoid any more silly bouncing of the sort we've
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-users