LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Problem now with From: *@aol.com

Ben Parker <[log in to unmask]>

Mon, 21 Apr 2014 16:50:59 -0600

text/plain (64 lines)

On Mon, 21 Apr 2014 16:44:52 -0500, Eric Johnson <[log in to unmask]> wrote:

>We've had a flurry of subscribers dropped. An assortment ... yahoo, 
>sbcglobal, rogers, frontier ...
>
>All the requests that I've dealt with have the error message:
>
>- The  last reported error  was: 5.0.0 554  Message not allowed  - 
>[PH01] Email not accepted for policy reasons.  Please visit
>http://postmaster.yahoo.com/errors/postmaster-27.html [120]

This is a separate problem from the Yahoo.com DMARC problem, even though the
error is reported for attempted delivery to a *@yahoo.com address, or one of
the many other domains like sbcglobal.com, rogers.com, etc. that are actually
handled by Yahoo.

These are spam emails coming with 'Forged From:' addresses, so far all from:
[log in to unmask]  The Subject: lines are like "Hi! News" or "Fw: News" or 
"Fw: Re:"  The email consists of 2-3 lines, in this format:

--------------
  Hi!
  News: http://(spam URL)  (NEVER Click on these!)

  [log in to unmask]
--------------

These are all spam.  But although the From: address says [log in to unmask], the
mail in fact did not come from aol.com servers.  It comes from other servers. 
(It is exactly to overcome/prevent this very same problem that Yahoo
implemented the DMARC Reject setting on mail from *@yahoo.com.  There is a
good chance that AOL may decide to do the same.  But this time LISTSERV ready
for them.)

I don't know if this is related to the 'heartbleed' OpenSSL bug, or whether or
not any AOL user accounts have actually been 'hacked'.  It would be a good
idea anyway for all *@aol.com users to change their login password now.  And
change it again in a month.

The fix is similar to the Yahoo.com DMARC problem. Except, instead of setting
*@aol.com users to NOPOST, you set them to REVIEW.  If they post a legitimate
list message, you approve it and it goes to your list.  If it is one of these
clever spams, you discard the message and keep that From: address on REVIEW.
If it is from someone on your list that you have never before heard of, you
can consider deleting them from your list.

A good first line of defense is that your list should always be set so that
new subscribers are always automatically on REVIEW when they join:  

 Default-Options= Review

You can then set them to NOREVIEW after they have proven themselves to be
non-spammers and able to post sensible messages for your list.

Let's see,... 3 major disruptions to List Management in the space of a month.
Unfortunately, I don't see a letup.  :-/

############################

To unsubscribe from the LSTOWN-L list:
write to: mailto:[log in to unmask]
or click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTOWN-L&A=1

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM