[Harp-L] bounce messages

[owner-harp-l@xxxxxxxxxx]

Several hundred subscribers got notices yesterday letting them know their
accounts were bouncing messages back to the harp-l server and that their
acct status had been set to nomail.  The message went on to say that you
could reset your acct by clicking a link.  To the many subscribers who did
this, thank you.  You saved me some work.  I just now manually reset
several hundred harp-l accts to normal mail status.

The problem as identified by a subscriber who admins another list is
Yahoo's DMARC policy.  DMARC is an e-mail authentication scheme in which
information is encoded into the mail header that other mail providers and
Yahoo can use to authenticate an e-mail as actually having come from the
domain it says it came from.  It's a useful tool in stopping spam and
other nefarious internet schemes and it wreaks havoc on e-mail lists like
ours because we re-mail all of your individual posts to harp-l and strip
out the authentication information and use our address as the reply to
while maintaining the subscriber's address as the from.  Anyone with a
strict DMARC policy like Yahoo rejects those e-mails and they bounce back
to our server which counts how many bounces come from any particular
address and when the number 10 is reached in a day the account gets reset
to nomail.

This is not just a Yahoo problem.  Yahoo, Hotmail. AOL, Comcast and
Bellsouth all use DMARC.  Since Yahoo is the largest e-mail provider in
the world the largest impact is from Yahoo accounts but there were other
bounced accounts.

There are some other implications to all of this.  If your provider is
bouncing e-mails it means you don't see all of the harp-l traffic.  An AOL
subscriber asked if all harp-l subscribers were getting his e-mails and my
sad answer was I don't think so.  I know for certain that Yahoo posts
don't reach the entire list.

By the way, none of this applies to people who read us on the web or
digest subscribers.  The digests all come from harp-l with a matching
authenticated reply and from address.  We are DMARC compliant.

For now I've turned off bounce processing, not a great solution because it
means I'm now accumulating dead addresses.  Why we use bounce processing
is to cull old addresses.  When several hundred accounts bounce into
oblivion all at once this feature loses its utility so it's off but long
term this is not a sustainable solution.

As the poster this morning pointed out there are not any good solutions to
this problem at the moment.  Smarter minds than mine are working on it.


Yesterday our server crashed, we had a brute force attempt to break in and
it ran us out of disk space and memory.  We were down for several hrs. 
We've added disk space and nobody actually got in but this makes it very
clear that we need to move forward with a much needed operating system
upgrade soon.  A modern OS would not have crashed.  harp-l-listowner