Order Cart | Contact Us | Home | SIGs | Login

Special Interest Groups

Yahoo Email Change Causes Mailing List Havoc

There's been an important and very bad development in the mailing list world. There's a new spam/phishing prevention tool called "DMARC" that was developed by several of the largest email providers (Yahoo, Gmail, Facebook, Paypal). We're not experts, but here's how we understand it works, and the problem that it causes:

The purpose of DMARC is to check whether all of the headers and other content of an email are consistent and warn the recipient mail system if they are not. For example if someone tries to send from a yahoo.com email address to, say a gmail.com user from outside Yahoo's network, that breaks the DMARC signature and Yahoo then notifies Gmail that it is a forged or otherwise suspicious message. Yahoo can choose to simply issue a warning, or can actually instruct it to bounce the message back to the sender This is a good thing to stop forgeries and phishing attempts. However, it can also interfere with the mailing lists work.

The problem is that mailing lists almost by definition break the DMARC signature by adding/changing header fields and even by adding the "unsubcribe" footer at the bottom of the message. If a DMARC mismatch just causes a warning, no real harm is done.

However, in early April, 2014, Yahoo changed their policy from just warning about a DMARC mismatch, to instructing other mail servers to bounce any message with a broken signature.

As a result, if bob@yahoo.com sends an email to some-list@tapr.org, we will retransmit that message still showing "bob@yahoo.com" in the From: line (required if someone wants to reply directly back to Bob), but with the header changes made by the mailman list software. When the list message goes to alice@gmail.com (or any other DMARC-compliant mail provider), the server will see that the DMARC signature doesn't match, will check with Yahoo, and will learn that it should bounce the message back to the mailing list server.

So the message for Alice gets sent back to tapr.org, where mailman says "OK, this is bounce #5 in the last few days from alice@gmail.com, so her address is probably bad and I'll unsubscribe her." And she is no longer on the mailing list. Neither is Bob, since Yahoo will also bounce his copy of the list message and he will suffer the same unsubscription fate.

As you can see, this process ultimately results in not only Yahoo users, but other list subscribers who use a DMARC-compliant mail service, being unsubscribed though they've done nothing at all wrong.

Here's an article describing the problem: http://www.virusbtn.com/blog/2014/04_15.xml.

Based on some Google searching, at this time there doesn't appear to be any way for mailing list software to avoid the issue unless it dumbs itself down to the point where it's simply acting as a message forwarder and doesn't provide any of the added capabilities that we take for granted.

One option that would help at the moment would be to reject any list message coming from a yahoo user, but that's not exactly optimal. And if gmail were to adopt the same policy, we'd have to block gmail users, too. That's not a useful road to travel.

We're not sure what will happen next; We're watching any developments. In the meantime, out apologies for any inconvenience this situation causes.

APRS APRS, an acronym for Automatic Packet Reporting System, is an integration of hardware and software that allows you to automatically track moving objects (such as vehicles, people, and weather) in real time using maps displayed on your computer monitor. The purpose of the APRS SIG is to provide a forum for folks interested in discussing APRS and topics related to APRS. The APRS group supports several mailing lists, which include: APRSSIG, APRSSIG, APRS Field Day, APRS Satellite Experimentation, APRS Specification Discussion, Hot Technology, and PropNet... Read more

BBS SIG As the sysop of a packet BBS, you have taken on quite a responsibility. If you've been a sysop for some length of time, you've discovered that operating a BBS is more than just loading software and hooking up radios to TNCs. It's an on-going process and often an expensive one. You'll find seasoned veterans and newcomers, alike on the BBSSIG. The major BBS software developers are frequent participants. Word of new software, tips and bug reports hit the SIG right away... Read more

Digital High Frequency (HFSIG) The purpose of the HF SIG is to serve as a forum for those involved in experimenting, and developing digital applications for HF. HF offers unique challenges and rewarding opportunities for amateur radio. It allows for both short and long distance digital communications without the involvement of specialized terrestrial or space-based equipment such as repeaters, or satellite transponders. It allows for one-to-one (keyboard-to-keyboard) as well as many-to-one (networking), modes of operation. These are quite different in philosophy and functional needs. The amateur bands have seen a dramatic increase in diversity in technology as well as increased activity in the use of digital modes. Development of future technology for HF digital requires experimentation with several topics on communications. ... Signup

Digital Signal Processing The purpose of the DSP SIG is to serve as a forum for those involved in experimenting, and developing DSP based applications and techniques. We require talents representing a wide range of topics such as mathematics (coding theory, signals and transforms), software engineering (algorithm development, real-time OS, low-level I/O, host OS), electrical engineering (analog, digital and RF), digital signal processing (theoretical, hardware and software), etc. However, there also is a similar need for technical writers, beta testers, and project management... Read more

HAM IEEE 802.11 The purpose of the HAM-80211 list is to provide a forum for folks interested in discussing IEEE 802.11 topics related to Amateur Radio Digital Communications... Signup

Linux The purpose of this list is to discuss Linux activities related to amateur radio operations and various TAPR projects... Signup

Weather (WXSIG) This mailing list is for discussion of topics relating to the weather. In addition to weather topics of general interest, this SIG emphasizes measurement of atmospheric parameters important to characterizing local weather. Also, the collection, communication, distribution, interpretation and use of these measurements in all aspects of weather sciences will be part of the discussions here. A partial list of suitable topics for WXSIG might include:

  • transducers for measurements of standard and non-standard parameters
  • transducer placement and siting for high quality measurements
  • electronic systems for processing transducer output into measurements
  • quality checking of weather measurements
  • communication of weather measurements
  • lightning protection for weather stations and computers
  • solar-powered remote weather stations and their operation
  • graphical and non-graphical display devices for weather measurements
  • use of these and other measurements in providing weather related services
  • procedures for installing and operating a home weather station
  • hardware and software issues relating to a home weather station
  • use of radio and/or the internet for weather-related public service
  • feedback from users of weather data provided by WXSIG members
The overall goal of WXSIG is to provide a means for the general public to learn about weather measurements and their use so that they can improve the quality and reliability of these measurements and enhance their usefulness to the weather community. ... Signup

About Us | Privacy Policy | Contact Us | ©2005-2014 Tucson Amateur Packet Radio Corp unless otherwise noted.

facebook twitter utube

Accept Credit Cards