Attempts to get organizational domain data fail

Bug #1787054 reported by Mark Sapiro
This bug affects 1 person
Affects: GNU Mailman
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

As part of DMARC mitigation processing, Mailman looks up the DMARC policy for the From: domain. If it doesn't find a DMARC policy it attempts to look up the policy for the "organizational domain" corresponding to the From: domain if the organizational domain is different. To determine the organizational domain it uses information from the list at https://publicsuffix.org/list/public_suffix_list.dat.

Recent changes at publicsuffix.org are causing Mailman's attempt to retrieve the list to fail with

urllib2.URLError: <urlopen error [Errno 1] _ssl.c:510: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure>

This failure has been observed with Python 2.7.6 but not with Python 2.7.12. There are changes in 2.7.9 which affect the underlying ssl module, and I think retrieval of this URL via urllib2, urllib or the Python requests module will all fail with Python < 2.7.9.

The effect of this issue, other than writing an error log entry for every failed retrieval, is that in some cases the organizational domain will not be properly found. If the TLD is .com, .net, .gov, .edu, etc., there will be no issue, but if, for example, the From: domain is some.sub.domain.school.k12.ca.us and that domain doesn't publish a DMARC policy, we should look up the policy for the school.k12.ca.us organizational domain, but instead we will look up ca.us.

This will probably be more of an issue with non-US lists than with US lists, and it is not known how significant the issue is.

At present, the only known workaround is to upgrade the underlying Python.
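
The organizational-domain lookup described in this report, as an added example that is not part of the original report and is not Mailman's code: it applies the Public Suffix List matching rules to a small constructed excerpt of the list, and models a failed retrieval as an empty rule set. The function names and the sample rules are assumptions made for illustration.

```python
# Added example (not Mailman's code). SAMPLE_PSL is a constructed excerpt
# in the public_suffix_list.dat syntax, not the full list.
SAMPLE_PSL = """\
// constructed sample
com
us
ca.us
k12.ca.us
*.ck
!www.ck
"""


def parse_psl(text):
    """Return (rules, exceptions) as sets of right-to-left label tuples."""
    rules, exceptions = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("//"):
            continue  # blank lines and comments carry no rule
        rule = line.split()[0].lower()
        target = exceptions if rule.startswith("!") else rules
        target.add(tuple(reversed(rule.lstrip("!").split("."))))
    return rules, exceptions


def _matches(rule, labels):
    # A rule matches when each of its labels equals the domain's label at
    # the same position from the right; "*" matches any single label.
    return len(rule) <= len(labels) and all(
        r in ("*", l) for r, l in zip(rule, labels))


def organizational_domain(domain, rules, exceptions):
    """Public suffix plus one label, or the domain itself if shorter."""
    labels = tuple(reversed(domain.lower().rstrip(".").split(".")))
    exc = [r for r in exceptions if _matches(r, labels)]
    if exc:  # an exception rule prevails; its suffix drops the leftmost label
        suffix_len = max(len(r) for r in exc) - 1
    else:    # longest matching rule, or the implicit "*" rule if none match
        suffix_len = max([len(r) for r in rules if _matches(r, labels)] or [1])
    return ".".join(reversed(labels[:suffix_len + 1]))


RULES, EXCEPTIONS = parse_psl(SAMPLE_PSL)
FROM_DOMAIN = "some.sub.domain.school.k12.ca.us"
WITH_LIST = organizational_domain(FROM_DOMAIN, RULES, EXCEPTIONS)
WITHOUT_LIST = organizational_domain(FROM_DOMAIN, set(), set())  # failed fetch
```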
