I belong to a small hobby organization, and assist with simple techy things that can help the group in various ways, like helping maintain the website.
A while back, the group was looking for a simpler way to be sure that they could communicate effectively and easily among the groups executive, using email. This sounds easy, but in a group of 10, someone always seems to get left out of group emails sent from personal email accounts, or the wrong email gets included in a list, or emails get left in someone's personal list, that are no longer needed.
The group experimented with setting up a shared gmail account for this purpose, but gmail account security makes it very hard to share a single account, accessed from multiple locations. Next up was a google discussion group, but that had it's own list of complexities.
So I suggested we just set up an Old School email list service. You know, the ones were you define an email account, give a list of other emails to forward to, and just send anythng you want to share to it, for automatic forwarding to everyone. The list gets maintained in one place, and we are done.
Well, they still exist, but most are commercial Marketing remailers, with tons of bells and whistles, and probably lots of other strings attached. Some are free for entry level use, but I didn't spend too much time on them after looking into FreeLists.org .
FreeLists.org has been around for quite a while. They are truly free, although they do not accept just anyone. However our group met their criteria, so we set up our first list, and populated it with some emails and started testing. Everything went fairly well, and we were happy, until one of our members sent out a test, and we discovered that his Reply To: email had been Redacted, and replaced with "dmarc-noreply@freelists.org" . An interesting problem! Since I already had one request for advice in the hands of the FreeLists Staff, I decided to nibble at this one for a while myself.
DMARC and Spam:
In my research, I learned there is an anti-spam toolset used by
major email providers world-wide, known as DMARC. One of the things
DMARC does is allow email providers to identify the domain names they
use to send email from (like gmail.com, cogeco.com, rogers.com, etc),
and to embed that knowledge in several secure ways in emails and in
Domain Name Servers (the "address book" of the internet), to allow
receiving email services to securely determine if a given email has
actually come from the email service it says it originated from (the
"domain name" test).
Reject or Ignore:
Email sending services can also optionally tell a receiving email
service what to do with email that fails this "domain name" test: either
reject the email, or ignore it (allowing the receiving email service to
decide what to do about it instead). When DMARC was first rolled out in
2012 - 2013, this failure action was defaulted to ignore, by virtually
everyone who implemented DMARC.
Yahoo got Spammed:
In early April, 2014, Yahoo.com was hit by major email spammers, who
were spoofing the yahoo.com domain name, and creating havoc among
yahoo email users and others. Yahoo made a quick decision one weekend
to change the DMARC failure action for their domain name from ignore to
reject. In doing so, all mail list and other remailing applications
that included any yahoo email users, broke instantly (their email
spoofing problem was solved, though). Not only did they fail, but the
resulting error messages began bouncing back, and some of the bounces
resulted in further rejects and bounces... See
https://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-breaks-mailing-lists.html
for further information.
Fixing Mail Lists:
Mail List and other remailing service providers needed to deal with
this, including our Mail List provider Freelists.org. DMARC also
provided some work-arounds. See for example
https://www.spamresource.com/2014/04/run-email-discussion-list-heres-how-to.html
. At the time, FreeLists.org Facebook page reported:
" Freelists - Freelists.org April 19, 2014 ·
A solution to DMARC-related issues has been developed and is being
tested on a handful of lists that reported deliverability problems to
us. Should feedback be positive, we'll continue rolling this out to the
entire site in the coming days.
Let us (staff@freelists.org) know if you'd like advance access to
the fix, which replaces the subscriber's From: address with an "address
redacted" sort of message when posting IF his mail provider publishes
DMARC records."
Another common fix was to ask Yahoo email users to switch to another
major email provider, like Gmail or Outlook...
So why did our Rogers.com Member get Redacted?
Examining the email header of messages from our Rogers User showed references to Yahoo! Now that is very interesting! No other user of our list had such references in their email headers. But further research quickly uncovered the fact that Rogers has outsourced it's email to Yahoo.ca!!
I then discovered the toolset at the website dmarcian.com: https://dmarcian.com/dmarc-inspector/yahoo.ca
I ran this for the Rogers.Yahoo.ca email service, and determined that "p=reject", which is why our member's email is getting redacted. His email provider prevents him from full use of a mail list.
In conclusion, our member gets to decide if a redacted reply address is okay when he uses our list, or if he will set up a different email account, to gain full use of the list.
We can also move forward to add a list that allows us to email amongst our total membership efficiently.
No comments:
Post a Comment