[Coral-List] why Coral-List might disable your subscription

Mike Jankulak mike.jankulak at noaa.gov
Sun Apr 9 14:17:49 EDT 2017


This problem has been discussed here a few times in the past, but as I
look through our archives I'm realizing that the last mention of it was
almost two years ago:

http://coral.aoml.noaa.gov/pipermail/coral-list/2015-April/015381.html

So I thought a reminder might be useful.

This is an issue that affects a bit less than 10% of our subscribers, or
roughly 800 people. It affects people with Yahoo email addresses (or
people whose email is indirectly provided by Yahoo servers), but it also
affects email providers like hotmail.com, live.com, msn.com and
outlook.com, because those email services have chosen to honor Yahoo's
policies.

The Yahoo policy in question came into being on April 12, 2014, and it
concerns forged email. Under this policy if a Yahoo server receives an
email message with a Yahoo address in the From: line but which does not
originate from a Yahoo-controlled server, that email is labeled a
forgery and it is bounced back to the originating server without any
hint to the intended addressee. This affects Coral-List because our
emails preserve the From: lines as we receive them but they are sent
from our government server, which Yahoo does not consider to be a
legitimate sender of Yahoo messages.

There are two important consequences to this policy. For one, it means
that messages posted to Coral-List from a Yahoo account do not reach the
inboxes of about 800 of our subscribers. For another, it means that
whenever we forward a Yahoo-originating message we get about 800
automated bounce messages in reply.

That's all well and good, but the Coral-List software reads those bounce
messages like tea leaves to try to figure out which email addresses have
ceased to be deliverable. If we receive enough bounce messages from one
subscriber address in a short period of time, Coral-List flags that
address as non-deliverable and disables its subscription. For a while it
will try to send warnings about this to the address in question, but
eventually it gives up on that too.

So in the bigger picture, if some list discussion pulls in a bunch of
Yahoo subscribers in a short period of time, Coral-List gets flooded
with these bounce messages and sometimes it (erroneously) concludes that
all 800 of these addresses have become non-deliverable. This is what
I've been calling a "mass-disabling" event, and when it happens I go in
and pull reports of who's been affected, and then I re-enable them.
Often I will only do this after someone sends a "hey why did you disable
my subscription?" message to the moderators' email address:

coral-list-owner at coral.aoml.noaa.gov

For this next part I want to be clear that I will be expressing an
opinion that is mine and mine alone, and does not represent the official
opinion of the Coral-List moderators, the US Government, or anybody
other than me. And that opinion is this: I do not think Yahoo made this
decision maliciously but I do think they are being willfully blind to
the impact of this policy on long-established mailing-list communities
like ours. There was outcry in some circles (try doing an internet
search on keywords "Yahoo" and "DMARC" and "Mailing List" for hints of
this) and it was, so far as I can tell, ignored.

At the same time (still in my-opinion-alone territory here) there do
exist other free-email providers who do not have this particular
problem, most notably GMail. As of this writing, GMail subscribers can
post to Coral-List and expect their message to reach all of our list
members, and those messages will not inadvertently trigger bounces that
could contribute to one of these mass-disabling events. So for those of
you who may not be inextricably tied to your Yahoo addresses, or who are
comfortable juggling email from multiple accounts, you may want to
consider moving your Coral-List subscription to a GMail address. And if
you have questions about how to do this you can ask us at the
moderators' address that I mentioned a few paragraphs earlier.

I did recently take the precaution of writing some code to watch for
signs of a new bounce-tastrophe, which should send me email warnings if
we're getting close to another such event. The weak link is that there
is still a human element in this chain of defenses, but I am cautiously
optimistic that we can avoid any more largescale disabling events.

If you have questions of feedback about anything I've said here, please
feel free to contact me individually or the moderators collectively, we
are always happy to get email from our subscribers.

Mike J+, coral-list mod team

-- 
Mike Jankulak, Systems Administrator, University of Miami / CIMAS
NOAA / Atlantic Oceanographic Meteorological Laboratory
4301 Rickenbacker Causeway, Miami, FL 33149 -- 305-361-4543


More information about the Coral-List mailing list