[Coral-List] coral-list, yahoo, hotmail, and others: subscriptions disabled

Mike Jankulak mike.jankulak at noaa.gov
Fri Jun 6 11:37:49 EDT 2014

[Disclaimer: this is a developing story and some of the following is best-guess speculation.  I will follow up corrections if later events reveal any errors in my understanding of the situation.]

As nearly as I can tell, yahoo has changed its filtering policies wrt "bulk" email senders in a way that is breaking coral-list subscriptions for not just yahoo accounts but other accounts as well, most notably hotmail.  There are also impacts on other email providers.

As background, you have to understand that our mailing-list software is pretty clever about handling bounce messages.  If it sends you email, and that email bounces in a way it can recognize, it knows there's a problem.  If this happens 10 times, it will auto-disable your subscription, because there's no point in continuing to send you email that you cannot receive.  It will send you five warnings over 50 days to tell you what it's done, then give up.  You can manually re-enable your subscription at any time.  Or if there are no bounces for a week, it will reset its count of bounces for you to 0.

What's happening now is that yahoo has "recently" (according to its web site) changed its policies about identifying forged mail.  Our coral-list messages are clearly identified as such in the subject line, and the headers show them to originate from our server, but the "From" lines are left showing the c-l poster's email address.  Yahoo now apparently considers this to be mail fraud, and is bouncing (some of?) these messages before you, the subscribers, can see them.

This also has had an impact on subscribers at other addresses whose email providers have chosen to honor yahoo's new policy.  This is most obviously true of hotmail (and its aliases like live.com, msn.com, outlook.com, etc.), but is independently affecting att.net, bellsouth.net, comcast.net and others.  What happens here is that one of our yahoo subscribers posts to coral-list, that message routes through our server to everyone else, and these specific email systems see yahoo in the "From" line but our server as the originator, and conclude that the message must be bounced as a forgery.  Rather than bouncing all messages, in this case it only bounces yahoo-originating messages, but this still causes enough bounces to get these non-yahoo subscriptions auto-disabled.

[This MAY play out differently for people who subscribe to our "digest" collections.  Those messages originate from our server with a From line identified with our server, so they may not trigger the same type of filtering.  But the evidence suggests that yahoo at least is bouncing those messages too, perhaps for a different reason.]

In the last three days 832 of our subscribers, mostly from yahoo and hotmail, have had their coral-list subscriptions disabled automatically by our software.  Which necessarily means that those accounts have returned a lot of bounces to us lately, which means they're not receiving coral-list traffic anyhow.  They might not, in fact, receive this message, although I have ideas about disseminating this information off-list in a way that will still reach them.

What should you do about this?  Probably nothing, right now.  Although if you have multiple accounts from which you could subscribe to coral-list, you might want to consider deleting your yahoo/hotmail subscriptions and re-subscribing from some other account.  We can help you with this if you'd like us to.  As always, write to us at <coral-list-owner at coral.aoml.noaa.gov> with any requests for help.

What should WE be doing about this?  That's a question we're still trying to answer.  There is a registration form on yahoo's servers for "bulk" email senders to apply for special handling.  If this works, it might stop the bouncing by yahoo's own servers, but probably not the others.  We could also change our list setting so that all messages carry a "From" line identified with coral-list, although I hesitate to do this because (1) I personally think it's easier to follow a discussion when my email client knows who is writing which message and (2) it's hard to say whether such a radical change might have unintended consequences.  For now this is just an action we are considering.

Anyhow, our collective apologies for any inconvenience, and please keep those questions coming.  It was, in fact, a question from a coral-list subscriber that brought this situation to our attention in the first place.

Mike J+, c-l mod team

Mike Jankulak, Systems Administrator, University of Miami / CIMAS
NOAA / Atlantic Oceanographic Meteorological Laboratory
4301 Rickenbacker Causeway, Miami, FL 33149 -- 305-361-4543

More information about the Coral-List mailing list