Avoiding DMARC unsubscribes by enabling VERP_PROBES
A post in another thread reminded me of something I had overlooked until now.
If you are a site admin and you are only concerned about users being unsubscribed because of DMARC policy bounces, and you are not concerned about the mail delivery issues - i.e., it's OK if they miss the occasional post from a Yahoo or AOL user; someone else will quote it anyway ;) - you can set
VERP_PROBES = Yes
in mm_cg.py. I added a note about this to the FAQ at <http://wiki.list.org/x/ggARAQ>
This works because with VERP_PROBES enabled, a user whose bounce score reaches threshold does not have delivery immediately disabled. Instead, the user's bounce score is reset and a VERP like probe is sent to the user. If the probe bounces, the user's delivery is then disabled, but if the original bounces were for DMARC, the probe won't bounce because it is From: the list.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Why isn't this the default setting? Is there some disadvantage to it?
Peter Shute
Sent from my iPad
On 18 May 2014, at 11:19 am, "Mark Sapiro" <mark@msapiro.net> wrote:
A post in another thread reminded me of something I had overlooked until now.
If you are a site admin and you are only concerned about users being unsubscribed because of DMARC policy bounces, and you are not concerned about the mail delivery issues - i.e., it's OK if they miss the occasional post from a Yahoo or AOL user; someone else will quote it anyway ;) - you can set
VERP_PROBES = Yes
in mm_cg.py. I added a note about this to the FAQ at <http://wiki.list.org/x/ggARAQ>
This works because with VERP_PROBES enabled, a user whose bounce score reaches threshold does not have delivery immediately disabled. Instead, the user's bounce score is reset and a VERP like probe is sent to the user. If the probe bounces, the user's delivery is then disabled, but if the original bounces were for DMARC, the probe won't bounce because it is From: the list.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/pshute%40nuw.org.au
Peter Shute writes:
Why isn't this the default setting? Is there some disadvantage to it?
Until now, you only needed it when one of your peers was seriously broken. DMARC p=reject now means that AOL and Yahoo! are breaking other hosts en masse.
Disadvantage, yes. It requires resources from hosts which aren't broken, both yours and those of completely innocent third parties whose only "crime" is to participate in mailing lists on your host. It covers up the fact that the messages that bounce are also wasting your and third parties' resources. *These* resources are significant, because they involve cryptographic checks on whole messages, messages which are typically already bloated by a factor of 5 or so by HTML, and sometimes much more by "cute" background images and the like.
We really really want to stop these bounces in their tracks. *Everybody* does; they do not help anybody.
Regards,
On 05/18/2014 01:14 AM, Peter Shute wrote:
Why isn't this the default setting? Is there some disadvantage to it?
In addition to what Stephen said, VERP_PROBES requires that your MTA be configured to recognize address local parts of the form listname-bounces+token and deliver them the same as listname-bounces (In Postfix, 'recipient_delimiter = +') or to use a different delimiter that VERP_PROBE_FORMAT and VERP_PROBE_REGEXP be adjusted.
Since we can't rely on that, and since if it doesn't work, no one will ever have delivery disabled or be removed by bounce processing, the default is No.
When this feature was first implemented in 2.1.5, it was always on. It was soon realized that this was a mistake and in 2.1.6 it was controlled by a switch and defaulted to off.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (3)
-
Mark Sapiro -
Peter Shute -
Stephen J. Turnbull