Re: [mailop] gmail rejecting for invalid SPF/DKIM when there isn't any?

[Darrell Budic via mailop]

Was there any published notification about this? Not that there’s a good place 
for it, but between mailop and nanog, I’d have thought I’d have seen it…

At any rate, this error message seems like it would be better as “Gmail now 
requires senders to have SPF and/or DKIM enabled to send mail to Gmail” instead 
of saying it failed checks. Less misleading that way, and I’m not saying to my 
customer “I don’t know why it says that, you don’t seem to have SPF setup…”

I mean, yay for more correct SPF, but boo for bad error messages.

> On Aug 27, 2022, at 5:28 PM, Jarland Donnell via mailop  
> wrote:
> 
> Google has recent started requiring SPF. I don't know if they require it 100% 
> of the time but they do now reject emails from domains that either don't have 
> it, or have it improperly configured, and they won't accept it from those 
> domains until it's fixed. It has helped me a good bit, making it easier to 
> identify my customers that are violating my policy and sending without valid 
> SPF.
> 
> At least, by this point, we should be able to say that everyone has had an 
> opportunity to at least adopt SPF. Anyone who doesn't, by now, generally 
> doesn't care about their delivery quality.
> 
> On 2022-08-27 17:09, Darrell Budic via mailop wrote:
>> Anyone else seeing this? Customer of mine just got some bounces from
>> gmail for invalid SPF/DKIM. He doesn’t have either, so I’m not
>> sure what this is about?
>> Mind you, I did send him to setup a valid SPF entry, and
>> authentication is good, but this seems like a misleading error
>> message...
>>> The mail system
>>> <@gmail.com>: host gmail-smtp-in.l.google.com
>>> [1][142.251.4.27] said:
>>> 550-5.7.26 This message does not pass authentication checks (SPF
>>> and DKIM
>>> both 550-5.7.26 do not pass). SPF check for [musichael.com [2]]
>>> does not pass
>>> with ip: 550-5.7.26 [204.130.133.20].To best protect our users
>>> from spam,
>>> the message 550-5.7.26 has been blocked. Please visit 550-5.7.26
>>> https://support.google.com/mail/answer/81126#authentication for
>>> more 550
>>> 5.7.26 information.
>>> b185-20020a2567c200b006953ea7fad6si1842767ybc.571 -
>>> gsmtp (in reply to end of DATA command)
>>> Reporting-MTA: dns; smtp.ohgnetworks.com [3]
>>> X-Postfix-Queue-ID: 358D21F4D4
>>> X-Postfix-Sender: rfc822; mich...@musichael.com
>>> Arrival-Date: Sat, 27 Aug 2022 13:10:52 + (UTC)
>> Links:
>> --
>> [1] http://gmail-smtp-in.l.google.com
>> [2] http://musichael.com
>> [3] http://smtp.ohgnetworks.com
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://list.mailop.org/listinfo/mailop
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] gmail rejecting for invalid SPF/DKIM when there isn't any?

[Darrell Budic via mailop]

It was just added about the time I was sending that email, so it wasn’t there 
when my customer got the bounces. I imagine you are seeing caching and it 
should be solid soon.

> On Aug 27, 2022, at 6:04 PM, Ángel via mailop  wrote:
> 
> On 2022-08-27 at 17:09 -0500, Darrell Budic wrote:
>> Anyone else seeing this? Customer of mine just got some bounces from
>> gmail for invalid SPF/DKIM. He doesn’t have either, so I’m not sure
>> what this is about?
>> 
>> Mind you, I did send him to setup a valid SPF entry, and
>> authentication is good, but this seems like a misleading error
>> message...
> 
> When querying the SPF record, I only get it about 50% of times:
> 
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 637
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1460
> ;; QUESTION SECTION:
> ;musichael.com.   IN  TXT
> 
> ;; ANSWER SECTION:
> musichael.com.3600IN  TXT "v=spf1 
> ip4:204.130.133.0/26 -all"
> 
> vs
> 
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3637
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;musichael.com.   IN  TXT
> 
> ;; AUTHORITY SECTION:
> musichael.com.600 IN  SOA 
> ns1.yourhostingaccount.com. admin.yourhostingaccount.com. 2012080973 10800 
> 3600 604800 3600
> 
> 
> I'm not sure what's going on, since I get the record both from
> ns1.mydomain.com and ns2.mydomain.com when pointing directly to them, It 
> could be some dns caching somewhere.
> 
> But there are definitely some shenanigans going on with your SPF
> record, it's not Google.
> 
> 
> 
> Regards
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] gmail rejecting for invalid SPF/DKIM when there isn't any?

[Darrell Budic via mailop]

Anyone else seeing this? Customer of mine just got some bounces from gmail for 
invalid SPF/DKIM. He doesn’t have either, so I’m not sure what this is about?

Mind you, I did send him to setup a valid SPF entry, and authentication is 
good, but this seems like a misleading error message...

> 
>   The mail system
> 
> <@gmail.com >: host 
> gmail-smtp-in.l.google.com [142.251.4.27] 
> said:
>550-5.7.26 This message does not pass authentication checks (SPF and DKIM
>both 550-5.7.26 do not pass). SPF check for [musichael.com 
> ] does not pass
>with ip: 550-5.7.26 [204.130.133.20].To best protect our users from spam,
>the message 550-5.7.26 has been blocked. Please visit 550-5.7.26
>https://support.google.com/mail/answer/81126#authentication 
>  for more 550
>5.7.26 information. b185-20020a2567c200b006953ea7fad6si1842767ybc.571 -
>gsmtp (in reply to end of DATA command)
> Reporting-MTA: dns; smtp.ohgnetworks.com 
> X-Postfix-Queue-ID: 358D21F4D4
> X-Postfix-Sender: rfc822; mich...@musichael.com 
> Arrival-Date: Sat, 27 Aug 2022 13:10:52 + (UTC)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

[Darrell Budic via mailop]

> On Sep 21, 2021, at 2:25 PM, Michael Peddemors via mailop  
> wrote:
> 
> On 2021-09-21 12:09 p.m., Mark Milhollan via mailop wrote:
>>> Block AUTH from Amazon/Gcloud/Azure by default
>> Would you include other clouds, like Alibaba, Oracle, OVH, Rackspace, etc., 
>> perhaps especially those that are "too easy" for spammers and miscreants to 
>> get a machine going on?  I can understand this sentiment but be aware it 
>> might block your more advanced users, e.g., those hosting a VPN or mail 
>> archive there or a service that does.
> 
> Funny you should mention it, the SpamRats team is working on a RATS-CLOUD 
> RBLDNSD lookup which contain lists of cloud providers with common problems ;)
> 
> While meant to be more of an informative nature, there are certain activity 
> that you should not really expect from a cloud IP, except MAYBE desktop in 
> the cloud..
> 
> But a person can make special exemptions for the few IP(s) on those clouds 
> that you expect to do AUTH behavior.. I mean really, not many of the 21 
> million Azure IP(s) need to connect via AUTH to your email server ;)

How you handle clients using Starlink, which mostly looks like their connection 
is coming from google cloud, with some Azure on the side? Does this encounter 
any issues with CGN where dozens to hundreds of users may appear to be coming 
from the same IP?

If you follow NANOG and some other groups, you’re probably aware of the spate 
of VPN blocking recently from various Video providers like Netflix and Amazon 
Prime. This seems to be (as an email provider  and  (separately, day job) a 
ISP) to be related to simple heuristic, if several people log in from one ip, 
it might be a VPN. Looking for ideas on beefing up my own email security while 
avoiding the false positives Amazon seems more willing to deal with…

  -Darrell
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop