Non-delivery of approved messages
![](https://secure.gravatar.com/avatar/9c3e9b419fe3664a69248acf78df0271.jpg?s=120&d=mm&r=g)
Hi, I administer and moderate a library and information science professional list. The list is running on Mailman 2.1.26. There are nearly 5k list subscribers, of which almost 4k are 'digest' registrants. The majority of the registrations are with personal email IDs.
During the last couple of weeks, approved messages are not being delivered to the list members. When I check the Email & collaboration alerts in the Microsoft 365 Admin Portal, I see the following message:
Suspicious email sending patterns detected, User was restricted from sending emails.
Additionally, a pop-up on the screen reads:
"Unblock entities which have been blocked for sending too many messages marked as spam/bulk."
The first approved message gets delivered after unblocking the relevant email ID and approving another message after 24 hours. For the subsequent one, the emails bounced back, and the MS admin portal reported the same error messages mentioned above.
Can someone please help me fix this issue?
Thank you for your attention and time, Francis
![](https://secure.gravatar.com/avatar/e2371bef92eb40cd7c586e9f2cc75cd8.jpg?s=120&d=mm&r=g)
Francis Jayakanth via Mailman-Users writes:
The list is running on Mailman 2.1.26.
If possible you should upgrade Mailman, currently at version 2.1.39. Almost all of the releases since 2.1.26 are primarily oriented to "security" and "reliability" issues. I don't recally any offhand that would help alleviate your current problem, but who knows? And the changes address genuine vulnerabilities that have been exploited at many sites in the past.
Do you mean that Microsoft provides the email services to your organization or to a host that your organization uses, and they're not letting *your* traffic go out to *anyone*? That's a new one to me. "Shocked but not surprised", as the saying goes.
Your problem is with Microsoft. You need to get their help, especially if they are providing your email services. They do not tell us why they block some messages or some users rather than others, and it often seems completely random. Here it sounds like the "suspicious activity" is sending lots of mail to many addresses. Ie, you're being throttled *because* you're running a mailing list. But you'll have to negotiate with them if that's what's happening.
The generic recommendations are
- Get your users off Google, Yahoo, Verizon, and Office365. Yeah, I know that's "impossible", but it's the single most effective method for improving the experience of mailing list subscribers.
- If you manage your own mail system, make sure your DNS records for SPF and DKIM are in order, and that your MTA is configured to sign messages properly. If somebody else is responsible for that, ask them to check and fix any problems. (This applies to 3 throuhg 7 below, too.)
- Implement DMARC on your system. This doesn't have a standards- based effect on posters whose email accounts are not on your host, but it may enhance your site's general reputation.
- Implement the ARC (Authenticated Received Chain) protocol. The basic idea is that any change your mailing list makes such as adding list tags to the Subject or an organizational footer to the body of the mail will break the DKIM signature that attests that a valid user on the original sending system (the author or "From" address) sent the mail. ARC allows you to say (in a way that some email software understands) "We validated this message, the signatures were in order, and if it turns out to be spam or whatever you can blame us. Here's our signature so you can believe it." I don't know offhand if Microsoft implements it or if they put much weight on it, but it can't hurt. Google and Yahoo do put a fair amount of trust in it, I'm told.
The following advice is generally good, but it may not be influencing your current problem.
- Put spam filters on your *outgoing* mail. Folks are of two minds about this (if you're primarily a mailing list site and you filter incoming, you won't catch anything new going out), but sometimes you can catch things going out that you wouldn't catch coming in. This is especially true if you use Bayesian or "machine learning"-based spam filters so you can use experience to tell them in the context of the mailing list whether it's spam or not.
- Check your moderation queues ("held messages") for unusual amounts of spam -- some of it may be getting through to your subscribers.
- Check the subscription queues ("awaiting address confirmation") for an unusual number or a pattern of particular addresses being subscribed to a large number of unrelated lists. Unfortunately, the confirmation process can be abused by malicious third parties to send large numbers of address confirmation notices to unrelated addresses, thus clogging their mailboxes. Not only is this annoying and even a denial of service to the victims, but it also can hurt your site's reputation.
I'm sorry I can't be of more help, but the large providers are far more sensitive to any spam that gets through than they are to lost mail, because they can blame lost mail on the sender, while users hold them responsible for spam.
Regards, Steve
![](https://secure.gravatar.com/avatar/9c3e9b419fe3664a69248acf78df0271.jpg?s=120&d=mm&r=g)
Thank you, Stephen. Your suggestions were helpful, and I genuinely appreciate the time and effort you took to provide insights.
However, after careful consideration, I realised that implementing the technical suggestions might be beyond my current capabilities. I'm now exploring migrating to a hosted service to manage the list.
Transforming to a hosted service would alleviate the technical burden and ensure the smooth operation of the list. If anyone has recommendations or experiences with reliable and affordable hosted services for Mailman list management, I would greatly appreciate your insights and guidance.
Additionally, if there are specific features or considerations I should consider when evaluating hosted services, please feel free to share your thoughts.
Once again, thank you for your assistance and support.
With regards, Francis
From: Stephen J. Turnbull <turnbull.stephen.fw@u.tsukuba.ac.jp> Sent: 07 February 2024 13:20 To: Francis Jayakanth <francis@iisc.ac.in> Cc: mailman-users@python.org <mailman-users@python.org> Subject: [Mailman-Users] Non-delivery of approved messages
External Email
Francis Jayakanth via Mailman-Users writes:
The list is running on Mailman 2.1.26.
If possible you should upgrade Mailman, currently at version 2.1.39. Almost all of the releases since 2.1.26 are primarily oriented to "security" and "reliability" issues. I don't recally any offhand that would help alleviate your current problem, but who knows? And the changes address genuine vulnerabilities that have been exploited at many sites in the past.
Do you mean that Microsoft provides the email services to your organization or to a host that your organization uses, and they're not letting *your* traffic go out to *anyone*? That's a new one to me. "Shocked but not surprised", as the saying goes.
Your problem is with Microsoft. You need to get their help, especially if they are providing your email services. They do not tell us why they block some messages or some users rather than others, and it often seems completely random. Here it sounds like the "suspicious activity" is sending lots of mail to many addresses. Ie, you're being throttled *because* you're running a mailing list. But you'll have to negotiate with them if that's what's happening.
The generic recommendations are
- Get your users off Google, Yahoo, Verizon, and Office365. Yeah, I know that's "impossible", but it's the single most effective method for improving the experience of mailing list subscribers.
- If you manage your own mail system, make sure your DNS records for SPF and DKIM are in order, and that your MTA is configured to sign messages properly. If somebody else is responsible for that, ask them to check and fix any problems. (This applies to 3 throuhg 7 below, too.)
- Implement DMARC on your system. This doesn't have a standards- based effect on posters whose email accounts are not on your host, but it may enhance your site's general reputation.
- Implement the ARC (Authenticated Received Chain) protocol. The basic idea is that any change your mailing list makes such as adding list tags to the Subject or an organizational footer to the body of the mail will break the DKIM signature that attests that a valid user on the original sending system (the author or "From" address) sent the mail. ARC allows you to say (in a way that some email software understands) "We validated this message, the signatures were in order, and if it turns out to be spam or whatever you can blame us. Here's our signature so you can believe it." I don't know offhand if Microsoft implements it or if they put much weight on it, but it can't hurt. Google and Yahoo do put a fair amount of trust in it, I'm told.
The following advice is generally good, but it may not be influencing your current problem.
- Put spam filters on your *outgoing* mail. Folks are of two minds about this (if you're primarily a mailing list site and you filter incoming, you won't catch anything new going out), but sometimes you can catch things going out that you wouldn't catch coming in. This is especially true if you use Bayesian or "machine learning"-based spam filters so you can use experience to tell them in the context of the mailing list whether it's spam or not.
- Check your moderation queues ("held messages") for unusual amounts of spam -- some of it may be getting through to your subscribers.
- Check the subscription queues ("awaiting address confirmation") for an unusual number or a pattern of particular addresses being subscribed to a large number of unrelated lists. Unfortunately, the confirmation process can be abused by malicious third parties to send large numbers of address confirmation notices to unrelated addresses, thus clogging their mailboxes. Not only is this annoying and even a denial of service to the victims, but it also can hurt your site's reputation.
I'm sorry I can't be of more help, but the large providers are far more sensitive to any spam that gets through than they are to lost mail, because they can blame lost mail on the sender, while users hold them responsible for spam.
Regards, Steve
![](https://secure.gravatar.com/avatar/e2371bef92eb40cd7c586e9f2cc75cd8.jpg?s=120&d=mm&r=g)
Francis Jayakanth writes:
For reasons I don't understand (I guess the vast majority of our subscribers administer their own hosts?), this kind of request rarely gets much response.
There is a substantial list of hosting services at https://wiki.list.org/COM/Mailman%20hosting%20services. The ones who list prices all look pretty "reasonable" to me, but YMMV.
Of those, EMWD (near the top) put a lot of effort into its offerings including writing completely new front ends for administration and archiving. I like ours better, but theirs are slick and definitely simpler. Brian (the founder) put substantial effort in on our lists helping users directly and was circumspect about mentioning his own company. He also produced excellent documentation for setting up a dedicated Mailman 3 server. The management has changed since due to Brian's untimely passing, and they're not as hacking-oriented as he was, but I've seen nothing that diminishes their reputation for service. They have been responsive to our occasional inquiries, but they're much less present here than before.
IIRC, mailman3.com and mailman4.com are run by the same company. I'm pretty the principal is a frequent contributor to Mailman development, both directly and as a mentor in GSoC (though not a core developer). I can't say anything about service from experience or reputation here, and he's less present on the user lists than Brian was.
I would suggest that you start by looking at that list. (Note that the order is chronological, oldest listings at the top, and I wouldn't attach much if any significance to order.) For your situation as you describe it, I would suggest looking at those where the focus is clearly on Mailman first. Folks who offer generic hosting can easily offer Mailman, but in that class service is spotty. Some are very good, I'm sure (and for that reason their customers don't show up here to compliment them! :-( ). Others are not so great for Mailman, some even say "we just install Mailman and cPanel the rest is up to you". If you have interest in a few specific providers, you could ask here.
It might be useful to specify you want private answers.
Steve
![](https://secure.gravatar.com/avatar/9c3e9b419fe3664a69248acf78df0271.jpg?s=120&d=mm&r=g)
Thank you, Stephen, for your valuable suggestions regarding Mailman hosting services. We greatly appreciate your input and will carefully consider them as we take it forward.
With regards, Francis
From: Stephen J. Turnbull <turnbull.stephen.fw@u.tsukuba.ac.jp> Sent: 26 February 2024 15:29 To: Francis Jayakanth <francis@iisc.ac.in> Cc: mailman-users@python.org <mailman-users@python.org> Subject: Re: [Mailman-Users] Non-delivery of approved messages
External Email
Francis Jayakanth writes:
For reasons I don't understand (I guess the vast majority of our subscribers administer their own hosts?), this kind of request rarely gets much response.
There is a substantial list of hosting services at https://wiki.list.org/COM/Mailman%20hosting%20services. The ones who list prices all look pretty "reasonable" to me, but YMMV.
Of those, EMWD (near the top) put a lot of effort into its offerings including writing completely new front ends for administration and archiving. I like ours better, but theirs are slick and definitely simpler. Brian (the founder) put substantial effort in on our lists helping users directly and was circumspect about mentioning his own company. He also produced excellent documentation for setting up a dedicated Mailman 3 server. The management has changed since due to Brian's untimely passing, and they're not as hacking-oriented as he was, but I've seen nothing that diminishes their reputation for service. They have been responsive to our occasional inquiries, but they're much less present here than before.
IIRC, mailman3.com and mailman4.com are run by the same company. I'm pretty the principal is a frequent contributor to Mailman development, both directly and as a mentor in GSoC (though not a core developer). I can't say anything about service from experience or reputation here, and he's less present on the user lists than Brian was.
I would suggest that you start by looking at that list. (Note that the order is chronological, oldest listings at the top, and I wouldn't attach much if any significance to order.) For your situation as you describe it, I would suggest looking at those where the focus is clearly on Mailman first. Folks who offer generic hosting can easily offer Mailman, but in that class service is spotty. Some are very good, I'm sure (and for that reason their customers don't show up here to compliment them! :-( ). Others are not so great for Mailman, some even say "we just install Mailman and cPanel the rest is up to you". If you have interest in a few specific providers, you could ask here.
It might be useful to specify you want private answers.
Steve
![](https://secure.gravatar.com/avatar/e2371bef92eb40cd7c586e9f2cc75cd8.jpg?s=120&d=mm&r=g)
Francis Jayakanth via Mailman-Users writes:
The list is running on Mailman 2.1.26.
If possible you should upgrade Mailman, currently at version 2.1.39. Almost all of the releases since 2.1.26 are primarily oriented to "security" and "reliability" issues. I don't recally any offhand that would help alleviate your current problem, but who knows? And the changes address genuine vulnerabilities that have been exploited at many sites in the past.
Do you mean that Microsoft provides the email services to your organization or to a host that your organization uses, and they're not letting *your* traffic go out to *anyone*? That's a new one to me. "Shocked but not surprised", as the saying goes.
Your problem is with Microsoft. You need to get their help, especially if they are providing your email services. They do not tell us why they block some messages or some users rather than others, and it often seems completely random. Here it sounds like the "suspicious activity" is sending lots of mail to many addresses. Ie, you're being throttled *because* you're running a mailing list. But you'll have to negotiate with them if that's what's happening.
The generic recommendations are
- Get your users off Google, Yahoo, Verizon, and Office365. Yeah, I know that's "impossible", but it's the single most effective method for improving the experience of mailing list subscribers.
- If you manage your own mail system, make sure your DNS records for SPF and DKIM are in order, and that your MTA is configured to sign messages properly. If somebody else is responsible for that, ask them to check and fix any problems. (This applies to 3 throuhg 7 below, too.)
- Implement DMARC on your system. This doesn't have a standards- based effect on posters whose email accounts are not on your host, but it may enhance your site's general reputation.
- Implement the ARC (Authenticated Received Chain) protocol. The basic idea is that any change your mailing list makes such as adding list tags to the Subject or an organizational footer to the body of the mail will break the DKIM signature that attests that a valid user on the original sending system (the author or "From" address) sent the mail. ARC allows you to say (in a way that some email software understands) "We validated this message, the signatures were in order, and if it turns out to be spam or whatever you can blame us. Here's our signature so you can believe it." I don't know offhand if Microsoft implements it or if they put much weight on it, but it can't hurt. Google and Yahoo do put a fair amount of trust in it, I'm told.
The following advice is generally good, but it may not be influencing your current problem.
- Put spam filters on your *outgoing* mail. Folks are of two minds about this (if you're primarily a mailing list site and you filter incoming, you won't catch anything new going out), but sometimes you can catch things going out that you wouldn't catch coming in. This is especially true if you use Bayesian or "machine learning"-based spam filters so you can use experience to tell them in the context of the mailing list whether it's spam or not.
- Check your moderation queues ("held messages") for unusual amounts of spam -- some of it may be getting through to your subscribers.
- Check the subscription queues ("awaiting address confirmation") for an unusual number or a pattern of particular addresses being subscribed to a large number of unrelated lists. Unfortunately, the confirmation process can be abused by malicious third parties to send large numbers of address confirmation notices to unrelated addresses, thus clogging their mailboxes. Not only is this annoying and even a denial of service to the victims, but it also can hurt your site's reputation.
I'm sorry I can't be of more help, but the large providers are far more sensitive to any spam that gets through than they are to lost mail, because they can blame lost mail on the sender, while users hold them responsible for spam.
Regards, Steve
![](https://secure.gravatar.com/avatar/9c3e9b419fe3664a69248acf78df0271.jpg?s=120&d=mm&r=g)
Thank you, Stephen. Your suggestions were helpful, and I genuinely appreciate the time and effort you took to provide insights.
However, after careful consideration, I realised that implementing the technical suggestions might be beyond my current capabilities. I'm now exploring migrating to a hosted service to manage the list.
Transforming to a hosted service would alleviate the technical burden and ensure the smooth operation of the list. If anyone has recommendations or experiences with reliable and affordable hosted services for Mailman list management, I would greatly appreciate your insights and guidance.
Additionally, if there are specific features or considerations I should consider when evaluating hosted services, please feel free to share your thoughts.
Once again, thank you for your assistance and support.
With regards, Francis
From: Stephen J. Turnbull <turnbull.stephen.fw@u.tsukuba.ac.jp> Sent: 07 February 2024 13:20 To: Francis Jayakanth <francis@iisc.ac.in> Cc: mailman-users@python.org <mailman-users@python.org> Subject: [Mailman-Users] Non-delivery of approved messages
External Email
Francis Jayakanth via Mailman-Users writes:
The list is running on Mailman 2.1.26.
If possible you should upgrade Mailman, currently at version 2.1.39. Almost all of the releases since 2.1.26 are primarily oriented to "security" and "reliability" issues. I don't recally any offhand that would help alleviate your current problem, but who knows? And the changes address genuine vulnerabilities that have been exploited at many sites in the past.
Do you mean that Microsoft provides the email services to your organization or to a host that your organization uses, and they're not letting *your* traffic go out to *anyone*? That's a new one to me. "Shocked but not surprised", as the saying goes.
Your problem is with Microsoft. You need to get their help, especially if they are providing your email services. They do not tell us why they block some messages or some users rather than others, and it often seems completely random. Here it sounds like the "suspicious activity" is sending lots of mail to many addresses. Ie, you're being throttled *because* you're running a mailing list. But you'll have to negotiate with them if that's what's happening.
The generic recommendations are
- Get your users off Google, Yahoo, Verizon, and Office365. Yeah, I know that's "impossible", but it's the single most effective method for improving the experience of mailing list subscribers.
- If you manage your own mail system, make sure your DNS records for SPF and DKIM are in order, and that your MTA is configured to sign messages properly. If somebody else is responsible for that, ask them to check and fix any problems. (This applies to 3 throuhg 7 below, too.)
- Implement DMARC on your system. This doesn't have a standards- based effect on posters whose email accounts are not on your host, but it may enhance your site's general reputation.
- Implement the ARC (Authenticated Received Chain) protocol. The basic idea is that any change your mailing list makes such as adding list tags to the Subject or an organizational footer to the body of the mail will break the DKIM signature that attests that a valid user on the original sending system (the author or "From" address) sent the mail. ARC allows you to say (in a way that some email software understands) "We validated this message, the signatures were in order, and if it turns out to be spam or whatever you can blame us. Here's our signature so you can believe it." I don't know offhand if Microsoft implements it or if they put much weight on it, but it can't hurt. Google and Yahoo do put a fair amount of trust in it, I'm told.
The following advice is generally good, but it may not be influencing your current problem.
- Put spam filters on your *outgoing* mail. Folks are of two minds about this (if you're primarily a mailing list site and you filter incoming, you won't catch anything new going out), but sometimes you can catch things going out that you wouldn't catch coming in. This is especially true if you use Bayesian or "machine learning"-based spam filters so you can use experience to tell them in the context of the mailing list whether it's spam or not.
- Check your moderation queues ("held messages") for unusual amounts of spam -- some of it may be getting through to your subscribers.
- Check the subscription queues ("awaiting address confirmation") for an unusual number or a pattern of particular addresses being subscribed to a large number of unrelated lists. Unfortunately, the confirmation process can be abused by malicious third parties to send large numbers of address confirmation notices to unrelated addresses, thus clogging their mailboxes. Not only is this annoying and even a denial of service to the victims, but it also can hurt your site's reputation.
I'm sorry I can't be of more help, but the large providers are far more sensitive to any spam that gets through than they are to lost mail, because they can blame lost mail on the sender, while users hold them responsible for spam.
Regards, Steve
![](https://secure.gravatar.com/avatar/e2371bef92eb40cd7c586e9f2cc75cd8.jpg?s=120&d=mm&r=g)
Francis Jayakanth writes:
For reasons I don't understand (I guess the vast majority of our subscribers administer their own hosts?), this kind of request rarely gets much response.
There is a substantial list of hosting services at https://wiki.list.org/COM/Mailman%20hosting%20services. The ones who list prices all look pretty "reasonable" to me, but YMMV.
Of those, EMWD (near the top) put a lot of effort into its offerings including writing completely new front ends for administration and archiving. I like ours better, but theirs are slick and definitely simpler. Brian (the founder) put substantial effort in on our lists helping users directly and was circumspect about mentioning his own company. He also produced excellent documentation for setting up a dedicated Mailman 3 server. The management has changed since due to Brian's untimely passing, and they're not as hacking-oriented as he was, but I've seen nothing that diminishes their reputation for service. They have been responsive to our occasional inquiries, but they're much less present here than before.
IIRC, mailman3.com and mailman4.com are run by the same company. I'm pretty the principal is a frequent contributor to Mailman development, both directly and as a mentor in GSoC (though not a core developer). I can't say anything about service from experience or reputation here, and he's less present on the user lists than Brian was.
I would suggest that you start by looking at that list. (Note that the order is chronological, oldest listings at the top, and I wouldn't attach much if any significance to order.) For your situation as you describe it, I would suggest looking at those where the focus is clearly on Mailman first. Folks who offer generic hosting can easily offer Mailman, but in that class service is spotty. Some are very good, I'm sure (and for that reason their customers don't show up here to compliment them! :-( ). Others are not so great for Mailman, some even say "we just install Mailman and cPanel the rest is up to you". If you have interest in a few specific providers, you could ask here.
It might be useful to specify you want private answers.
Steve
![](https://secure.gravatar.com/avatar/9c3e9b419fe3664a69248acf78df0271.jpg?s=120&d=mm&r=g)
Thank you, Stephen, for your valuable suggestions regarding Mailman hosting services. We greatly appreciate your input and will carefully consider them as we take it forward.
With regards, Francis
From: Stephen J. Turnbull <turnbull.stephen.fw@u.tsukuba.ac.jp> Sent: 26 February 2024 15:29 To: Francis Jayakanth <francis@iisc.ac.in> Cc: mailman-users@python.org <mailman-users@python.org> Subject: Re: [Mailman-Users] Non-delivery of approved messages
External Email
Francis Jayakanth writes:
For reasons I don't understand (I guess the vast majority of our subscribers administer their own hosts?), this kind of request rarely gets much response.
There is a substantial list of hosting services at https://wiki.list.org/COM/Mailman%20hosting%20services. The ones who list prices all look pretty "reasonable" to me, but YMMV.
Of those, EMWD (near the top) put a lot of effort into its offerings including writing completely new front ends for administration and archiving. I like ours better, but theirs are slick and definitely simpler. Brian (the founder) put substantial effort in on our lists helping users directly and was circumspect about mentioning his own company. He also produced excellent documentation for setting up a dedicated Mailman 3 server. The management has changed since due to Brian's untimely passing, and they're not as hacking-oriented as he was, but I've seen nothing that diminishes their reputation for service. They have been responsive to our occasional inquiries, but they're much less present here than before.
IIRC, mailman3.com and mailman4.com are run by the same company. I'm pretty the principal is a frequent contributor to Mailman development, both directly and as a mentor in GSoC (though not a core developer). I can't say anything about service from experience or reputation here, and he's less present on the user lists than Brian was.
I would suggest that you start by looking at that list. (Note that the order is chronological, oldest listings at the top, and I wouldn't attach much if any significance to order.) For your situation as you describe it, I would suggest looking at those where the focus is clearly on Mailman first. Folks who offer generic hosting can easily offer Mailman, but in that class service is spotty. Some are very good, I'm sure (and for that reason their customers don't show up here to compliment them! :-( ). Others are not so great for Mailman, some even say "we just install Mailman and cPanel the rest is up to you". If you have interest in a few specific providers, you could ask here.
It might be useful to specify you want private answers.
Steve
participants (2)
-
Francis Jayakanth
-
Stephen J. Turnbull