On Tue, Apr 15, 2014 at 10:23:22PM -0400, Michael Richardson wrote:
> So, as a WG chair, a person known to me just tried to post to the list
> from a brand new yahoo.com mail account. They aren't subscribed with that
> address. I would normally just approve, and add them...
>
> It seems to me that I must now actually reject, because it would affect other
> subscribers.
>
> I'm now thinking that we need to remove all the @yahoo.com addresses from
> posting to ietf mailing lists.

So on my mailman configuration (which I believe is the default), if
alice@xxxxxxxxxxx receives 5 hard fail bounces she will get
automatically suspended from the mailing list. So a single e-mail
from a @yahoo.com address won't cause damage, and if seven days go by
without any further bounce messages, the "bounce counter" gets reset
to zero.

The problem comes if you have many e-mail messages from yahoo.com
users (which according to yahoo and the DMARC cheerleaders, shouldn't
happen, because mailing list traffic is "insignificant" :-).

So this is what I've done on my church mailman setup. First of all,
I've disabled bounce processing, so even if a yahoo.com posting slips
by, it won't do any damage. (It does mean more bounce mail will end
up going to the list-owner address, which I'll then have to manually
deal with, but as a short-term hack, I'm willing to live with it).

Secondly, I've taken all of the yahoo.com users, and set the
moderation bit, so if they do send e-mail, it will be held for
moderation. I can then manually cut and paste their e-mail and send
it to them on their behalf. Unfortunately, about 25% of my church's
governing board is using Yahoo, and so this is something I was willing
to do as a short-term remediation, since I didn't want to just bounce
their e-mail or let their e-mail cause other Vestry members to be
removed from the mailing list.

In the long-term, I'm going to try to convince some of them to move to
another mail provider, or at least use another mail provider for
church business. I'll also try to see if I can get a patch to mailman
so it will do the "username@xxxxxxxxx" -> "username@xxxxxxxxx.INVALID"
from header rewrite. But that's not something I can do on short
notice, since this is a rather busy week for me.

I don't know what the ietf.org secretariat should do. My short-term
remediations aren't very scalable, so what works for a small church
probably wouldn't work for the entire IETF.

What a mess.

- Ted
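
A sketch of the From header rewrite mentioned in the message above, as an added example that is not part of the original message and is not Mailman code. The function name, the static domain set, the constructed sample messages and the choice to keep the real address in Reply-To are assumptions of this example.

```python
from email import message_from_string, policy
from email.headerregistry import Address

# Assumption: a static set of sender domains to rewrite. Only yahoo.com is
# named in the message above.
REWRITE_DOMAINS = {"yahoo.com"}


def rewrite_from(raw_message, domains=REWRITE_DOMAINS):
    """Return (message, changed); matching From domains get ".INVALID" appended."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_hdr = msg["From"]
    if from_hdr is None:
        return msg, False
    originals = list(from_hdr.addresses)
    rewritten, changed = [], False
    for addr in originals:
        if addr.domain.lower() in domains:
            # .invalid is a reserved TLD (RFC 2606), so the rewritten
            # address is no longer in the original sender's domain.
            addr = Address(addr.display_name, addr.username,
                           addr.domain + ".INVALID")
            changed = True
        rewritten.append(addr)
    if not changed:
        return msg, False
    # Addition of this example: keep a usable reply path to the real sender,
    # without overriding a Reply-To the sender set themselves.
    if msg["Reply-To"] is None:
        msg["Reply-To"] = originals
    msg.replace_header("From", rewritten)
    return msg, True


# Constructed sample posts (not real list traffic).
SAMPLE_YAHOO = (
    "From: Alice Example <alice@yahoo.com>\n"
    "To: vestry@lists.example.org\n"
    "Subject: Agenda\n"
    "\n"
    "Agenda attached.\n"
)
SAMPLE_OTHER = SAMPLE_YAHOO.replace("alice@yahoo.com", "bob@example.org")

if __name__ == "__main__":
    for raw in (SAMPLE_YAHOO, SAMPLE_OTHER):
        out, changed = rewrite_from(raw)
        print(changed, "| From:", out["From"], "| Reply-To:", out["Reply-To"])
```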