FWIW, I'm seeing the same thing for our "york.edu" domain, but only for the last couple of months. The list used to handle this correctly.
*Joel Coehoorn* Director of Information Technology *York University* Office: 402-363-5603 | jcoeho...@york.edu | york.edu On Mon, Feb 27, 2023 at 8:00 AM David Liddle <da...@liddles.net> wrote: > Greetings, all! > > At the encouragement of one of the mailing list administrators, I > would like to present a situation and a proposal to you all. > > Normally, I would write from my work account, david.lid...@wycliff.de, > since one of the hats I wear is that of a Koha system administrator. > One of my other hats, however, is that of the email administrator for > our corporate domains. And the latter hat has precedence over the > former. > > To help protect our email domains from being used fraudulently, I have > implemented DMARC policies according to current recommendations. You > can read more about the Domain-based Message Authentication, Reporting > & Conformance protocol at https://dmarc.org/. The policies direct that > only messages from authorized sources should be allowed to send mail > from wycliff.de and our other domains; messages from all unauthorized > sources should be quarantined. > > With DMARC policies in place, messages that I send from my work > account to the Koha mailing list get quarantined by email providers > that comply with the policies' directives. Why? It happens because the > Koha mailing list spoofs the email address of the original sender. As > a result, there is a significant number of subscribers who did not > receive the messages at all or had to fetch them from quarantine. Some > unknown number will have been marked as spam. > > There are well-meaning reasons for this behavior within an honest, > friendly community such as the Koha mailing list. However, email > spoofing is one of the chief means by which fraudsters engage in > phishing, data exfiltration, and ransomware attacks. In my opinion, > the Koha community ought to avoid the practice of email spoofing. > Therefore, I have a proposal to make: > > -- The Koha Mailing List is based on the Mailman list system. > According to its release notes, Mailman 2.1 supports what the > developers call "DMARC mitigations". > -- Mailman DMARC Mitigations are described here: > > https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers/docs/dmarc-mitigations.html > ++ I PROPOSE that the mailing list subscribers support the > implementation of DMARC mitigations to the Koha mailing list. > -- The result of the implementation would be that messages submitted > to the list would no longer spoof the sender's address, but rather be > altered so that the messages come from the list's own address, > koha@lists.katipo.co.nz. They *should* be delivered successfully to > all recipients. A reply to the message would return to the list, and a > reply to all could include the original sender's address explicitly. > -- If you agree (or disagree) with this proposal, you'll need to > indicate that in your own clever way, because there's no voting > mechanism in a mailing list. > > Thank you for being so kind and forbearing as to read this far! I hope > that you'll give my proposal your earnest consideration. > > Regards, > > David Liddle > > > After-credits scene: > > For you intrepid readers, I would like to boldly suggest something > even more daring than changing the list's sending practices. Please > consider changing the platforms of the Koha email and chat discussions > to one such as Discourse: > > -- The Discourse software and community seems to have a fair bit in > common with the character and nature of Koha's. You can read more > about the platform at https://www.discourse.org/. > -- Not only is it a web forum, but it can handle email submissions, > replies, notifications, and digests. (And it would always send from a > legitimate address.) > -- It has migration tools that appear able to import archives such as > those used by this list. > -- It has chat integration for real-time messaging that can also be > perused later. > -- It has functions for search, categorization, and groups that a > mailing list does not. > _______________________________________________ > > Koha mailing list http://koha-community.org > Koha@lists.katipo.co.nz > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha > _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha