Thank you, Stephen. Your suggestions were helpful, and I genuinely appreciate the time and effort you took to provide insights.
However, after careful consideration, I realised that implementing the technical suggestions might be beyond my current capabilities. I'm now exploring migrating to a hosted service to manage the list.
Transforming to a hosted service would alleviate the technical burden and ensure the smooth operation of the list. If anyone has recommendations or experiences with reliable and affordable hosted services for Mailman list management, I would greatly appreciate your insights and guidance.
Additionally, if there are specific features or considerations I should consider when evaluating hosted services, please feel free to share your thoughts.
Once again, thank you for your assistance and support.
With regards, Francis
From: Stephen J. Turnbull <turnbull.stephen.fw@u.tsukuba.ac.jp> Sent: 07 February 2024 13:20 To: Francis Jayakanth <francis@iisc.ac.in> Cc: mailman-users@python.org <mailman-users@python.org> Subject: [Mailman-Users] Non-delivery of approved messages
External Email
Francis Jayakanth via Mailman-Users writes:
The list is running on Mailman 2.1.26.
If possible you should upgrade Mailman, currently at version 2.1.39. Almost all of the releases since 2.1.26 are primarily oriented to "security" and "reliability" issues. I don't recally any offhand that would help alleviate your current problem, but who knows? And the changes address genuine vulnerabilities that have been exploited at many sites in the past.
During the last couple of weeks, approved messages are not being delivered to the list members. When I check the Email & collaboration alerts in the Microsoft 365 Admin Portal, I see the following message:
Do you mean that Microsoft provides the email services to your organization or to a host that your organization uses, and they're not letting *your* traffic go out to *anyone*? That's a new one to me. "Shocked but not surprised", as the saying goes.
Your problem is with Microsoft. You need to get their help, especially if they are providing your email services. They do not tell us why they block some messages or some users rather than others, and it often seems completely random. Here it sounds like the "suspicious activity" is sending lots of mail to many addresses. Ie, you're being throttled *because* you're running a mailing list. But you'll have to negotiate with them if that's what's happening.
The generic recommendations are
- Get your users off Google, Yahoo, Verizon, and Office365. Yeah, I know that's "impossible", but it's the single most effective method for improving the experience of mailing list subscribers.
- If you manage your own mail system, make sure your DNS records for SPF and DKIM are in order, and that your MTA is configured to sign messages properly. If somebody else is responsible for that, ask them to check and fix any problems. (This applies to 3 throuhg 7 below, too.)
- Implement DMARC on your system. This doesn't have a standards- based effect on posters whose email accounts are not on your host, but it may enhance your site's general reputation.
- Implement the ARC (Authenticated Received Chain) protocol. The basic idea is that any change your mailing list makes such as adding list tags to the Subject or an organizational footer to the body of the mail will break the DKIM signature that attests that a valid user on the original sending system (the author or "From" address) sent the mail. ARC allows you to say (in a way that some email software understands) "We validated this message, the signatures were in order, and if it turns out to be spam or whatever you can blame us. Here's our signature so you can believe it." I don't know offhand if Microsoft implements it or if they put much weight on it, but it can't hurt. Google and Yahoo do put a fair amount of trust in it, I'm told.
The following advice is generally good, but it may not be influencing your current problem.
- Put spam filters on your *outgoing* mail. Folks are of two minds about this (if you're primarily a mailing list site and you filter incoming, you won't catch anything new going out), but sometimes you can catch things going out that you wouldn't catch coming in. This is especially true if you use Bayesian or "machine learning"-based spam filters so you can use experience to tell them in the context of the mailing list whether it's spam or not.
- Check your moderation queues ("held messages") for unusual amounts of spam -- some of it may be getting through to your subscribers.
- Check the subscription queues ("awaiting address confirmation") for an unusual number or a pattern of particular addresses being subscribed to a large number of unrelated lists. Unfortunately, the confirmation process can be abused by malicious third parties to send large numbers of address confirmation notices to unrelated addresses, thus clogging their mailboxes. Not only is this annoying and even a denial of service to the victims, but it also can hurt your site's reputation.
I'm sorry I can't be of more help, but the large providers are far more sensitive to any spam that gets through than they are to lost mail, because they can blame lost mail on the sender, while users hold them responsible for spam.
Regards, Steve