|Title||Start Date & Time||End Date & Time|
|Service Issue Reported: Campus Wireless||Monday, February 12, 2018 - 10:05am|
|Service Issue Updated: Student Account Access||Friday, February 9, 2018 - 12:39pm|
|Service Issue Reported: Power outage on East Campus||Tuesday, February 13, 2018 - 1:40pm|
|Service Maintenance Scheduled: Campus Solutions & Portals||Saturday, February 17, 2018 - 6:00am||Sunday, February 18, 2018 - 6:00pm|
|Service Maintenance Scheduled: Digication||Sunday, February 25, 2018 - 4:00am||Sunday, February 25, 2018 - 6:00am|
|Service Maintenance Scheduled: Campus Firewall||Wednesday, February 28, 2018 - 5:30am||Wednesday, February 28, 2018 - 6:30am|
Instructions are documented on the Add/Change List owner tutorial.
The Email List Manager service contained a known issue (explained in further detail below) where a user's message sent to an individual sends to an entire list. This is due to a message from a list being received from a list, but becomes associated with the sender of the list message. When entering the aforementioned sender's name in an email client, the application may auto fill the user's name and associate the list email address to them.
On November 18th, a change was made to correct this behavior. For more information on the issue and how to fix issue, please visit the Email List Manager known issues page.
In 2011, many of the largest Internet email providers (including AOL, Comcast, Google, Yahoo and Microsoft) collaborated to invent an email security policy known as Domain-based Message Authentication, Reporting and Conformance (DMARC). The purpose of the DMARC policy is to reduce phishing and email impersonation; a very worthwhile goal. Complying with the DMARC policy requires email list manager services to rewrite an email to 1) indicate the person who sent the message and 2) still include the email list address as the sending address. For example, you may see an email sent to a list arrive as Ralphie Buffalo on behalf of <email@example.com>”.
The unfortunate and difficult-to-resolve issue is that certain email clients do not yet fully understand the DMARC policy and accidentally cache the name of the person who sent the message using the email address for the list. This can lead to accidental sharing of information the next time the email client with the incorrectly cached address sends a message. In the example provided, the email client caches the user Ralphie Buffalo as having the email address firstname.lastname@example.org. Sometime in the future, when the person who uses the email client wants to send a message to Ralphie Buffalo, the cache only shows the name of the person, not the full email address, and an email intended only for Ralphie is accidentally sent to the entire email list.
Many email providers now require the DMARC rewrite of the email address before they will accept an email message. Without enabling DMARC, email list messages can not be delivered to some of the most common email services including Yahoo and AOL. This causes a significant problem for the campus Email List Management service. There are only two possible configurations for an email list: 1) Do NOT enable DMARC, and therefore accept that any list member who has an email address delivered to one of the services that require DMARC will never receive a list message, or 2) enable DMARC, and therefore accept that certain email clients will incorrectly cache the messages and open up the possibility of accidentally sending email to a full list instead of the intended individual.
The second option, enabling DMARC, was selected as the default configuration for all Email List Manager (Sympa) lists. This default setting best aligns with a list administrators expectation that a new list will guarantee delivery to all list members. A change that will deny delivery to some members requires a deliberate decision by the administrator.
Although all Email List Manager lists default to complying with the DMARC policy, each individual list can be opted-out, disabling the DMARC email address rewrite. Each list manager can decide which setting best meets their needs. Leaving the default DMARC policy in place will guarantee anyone added to the list can receive the list messages, but may result in some accidental full list replies. Disabling the DMARC policy will guarantee email clients will never accidentally cache the wrong person/list information and eliminate accidental replies, but it will prohibit delivery to any email list member who uses an email service that requires DMARC.
Until email clients are redesigned to better recognize the DMARC email rewrite and stop caching the information, there really is no “optimal” solution and list managers must decide which configuration best meets their needs.
If you know for certain that every subscriber of your Email List Manager list use a CU Boulder email service (CU Boulder Gmail or Office 365 Exchange Online for example), then it is safe to disable the DMARC policy on your list. Imporant: This is not the same thing as making sure everyone on the list has an @Colorado.EDU email address. Hundreds of @Colorado.EDU email addresses are configured to deliver to external email services that require DMARC. The members must all be using an email service that does not currently require DMARC, such as the CU Boulder email services.
If you know for certain that some of your Email List Manager subscribers use AOL, Yahoo or any other service that currently requires DMARC, you may disable the DMARC policy, but those subscribers will no longer receive list messages. As a courtesy, if you plan on disabling DMARC, you may want to notify your list prior to the change and let everyone know that some might stop receiving messages.
How to Make the Change
Email List Manager list owners may change the DMARC policy setting themselves. You may also contact the IT Service Center (5-HELP or email@example.com) for assistance.
You can always reverse your decision by returning to the Email List Manager service and setting the “Protection mode” back to “all”.
Wikipedia DMARC Information
DMARC.org Technical Proposal
“AOL Mail updates DMARC policy to ‘reject’”, AOL Postmaster
“New DMARC email authentication aims to stop phishing”, Yahoo News
“Yahoo and AOL Damage Mailing Lists and Email Forwarding”, TidBITS
Emails sent to a list must be 5MB or less in size. The size includes the attachment and body of the email.