Temporary block of @canonical.com sending to @lists.ubuntu.com
Robie Basak
racb at ubuntu.com
Fri Jan 9 16:20:02 UTC 2026
[writing as one member of the Ubuntu Technical Board]
There is currently a technical problem affecting those with
@canonical.com addresses using mailing lists hosted at
@lists.ubuntu.com. To mitigate the impact, I propose to temporarily
block, at mailing list level, emails from @canonical.com reaching
@lists.ubuntu.com at all. Even better if Canonical IS could please do
this at MTA level.
At the moment, my best understanding of the problem is:
1. @canonical.com sets a DMARC policy.
2. When a @lists.ubuntu.com mailing list distributes an email sent by
someone with a @canonical.com address, those emails do not comply with
the @canonical.com DMARC policy.
3. When the email infrastructure of a third party subscriber to a
@lists.ubuntu.com mailing list receives such an email and enforces the
sender's DMARC policy, the email is rejected. As far as I can tell, this
includes all mailing list subscribers who use Gmail and Fastmail.
4. The mailing list handler at @lists.ubuntu.com handles the rejection
by (eventually) unsubscribing third party subscribes that enforce
@canonical.com's own DMARC policy.
I understand that there is a Canonical IS ticket open (C192498) that was
filed on 25 November and has the details but the problem still
continues.
As long as this continues, the mailing lists are effectively unusable
since they are failing to redistribute emails to third party subscribers
in two ways: 1) third party subscribers who enforce sender DMARC policy
do not receive emails from @canonical.com senders when they enforce
@canonical.com's DMARC policy; and 2) third party subscribers are
getting their mailing list deliveries suspended or unsubscribed entirely
and when this happens they stop receiving emails from any mailing list
sender and not just @canonical.com senders.
If we implement the block I suggest, the problem will be migitated such
that only @canonical.com aliases are affected. Everyone else will be
able to carry on as usual. @canonical.com senders are already
effectively excluded from mailing list participation due to their
problem DMARC policy, so this would be strictly better than the current
situation. In addition, then the @canonical.com senders would receive
direct feedback of their email non-deliveries, rather than the current
situation where it seems they are not aware of the problem.
I'm not aware that @ubuntu.com senders are causing any issue, except
that they are still affected by delivery suspension or unsubscription
when @canonical.com senders send to the list. If you are a mailing list
participant at Canonical and you have an @ubuntu.com alias, I suggest
that you use it to minimise damage, and you'd be able to continue using
it even with this temporary mitigation in place.
Ironically, this message might itself be undeliverable to many
subscribers for the same unsubscription reason. Messages do end up in
the mailing list archive though, and I'll ensure to point to the other
technical board members out of band.
If there are no viable alternatives presented, I'll take this action
after a week or two for the mailing lists that I have permission to
administrate on lists.ubuntu.com, and encourage others to do the same
for other mailing lists also hosted there.
This sounds drastic so I thought it appropriate to discuss before taking
action, particularly since the problem is now months old. I don't think
it's as drastic as it sounds though, considering that it would result in
strictly better performance than the current situation.
Thanks,
Robie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/technical-board/attachments/20260109/cb452ae3/attachment.sig>
More information about the technical-board
mailing list