On 4/27/19 3:54 AM, Simon Lyall wrote:
> The below message was bounced by everyone (I assume) in the list whose address is hosted by gmail.

I would be surprised if it was just Gmail.

> Date: Wed, 24 Apr 2019 08:44:58 -0600
> From: Brielle Bruns <br...@2mbit.com>
> Subject: Re: [mailop] The utility of spam folders

It looks like Brielle's message was DKIM signed, modified in transit (likely by the mailop mailing list), and subsequently rejected (or otherwise penalized) by DKIM-enabled recipients.

I expect that such penalizations are going to become more prevalent.

> Error message similar to this:
>
>     SMTP error from remote mail server after end of data:
>     host aspmx.l.google.com [2a00:1450:400c:c00::1b]:
>     550-5.7.1 This message does not have authentication information or fails to pass
>     550-5.7.1 authentication checks. To best protect our users from spam, the
>     550-5.7.1 message has been blocked. Please visit
>     550-5.7.1 https://support.google.com/mail/answer/81126#authentication for more
>     550 5.7.1 information. i5si14352580wrp.442 - gsmtp

I'm used to such for SPF / DKIM / DMARC failure.

I'm guessing that it was DKIM signature failure because 2mbit's DMARC record has a policy of none, thus shouldn't have applied.

> The subscriptions of around 160 list-members were suspended. I'll look at unsuspending them.

I'm sort of surprised that it was only Gmail. Maybe others aren't being as restrictive and rejecting messages based on DKIM. Or perhaps there's more to Gmail's secret sauce that combined a DKIM validation failure with other aspects and decided to reject based on the combined result.

IMHO this does bring up a conversation of if mailing lists that do modify the message should pass pre-existing DKIM signatures through. I personally believe that such previous DKIM-Signatures (et al.) SHOULD be removed OR renamed (prepend something like "X-Old-" to them).

I know that different mailing lists have taken different stances on DKIM & DMARC signed posts. Some push back and may unsubscribe the secured sender. The other end is to be extremely proactive and remove / rename problematic headers and generate new counterparts as messages leave the mailing list. (I fall into the latter camp.)

But, with DMARC having governmental mandates in multiple countries, I suspect that this is going to become more of a problem. As such, I think it deserves being discussed. Particularly where along the aforementioned line the mailop mailing list wants to be.



--
Grant. . . .
unix || die


_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
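
An added example, not part of the original post or of any list software: it shows how a list footer changes the DKIM body hash (`bh=`) so the sender's signature no longer validates, and then the "X-Old-" header rename suggested above. The sample message, domain, selector and footer are constructed; only relaxed body canonicalization with SHA-256 is modelled and the `b=` signature itself is not verified.

```python
import base64, hashlib, re
from email import message_from_string

def relaxed_body_hash(body):
    """bh= value for a body under DKIM 'relaxed' body canonicalization (SHA-256)."""
    lines = body.replace("\r\n", "\n").split("\n")
    # collapse runs of whitespace to one space, drop whitespace at end of line
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in lines]
    while lines and lines[-1] == "":          # trailing empty lines are ignored
        lines.pop()
    canon = "".join(ln + "\r\n" for ln in lines)
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()

def bh_matches(msg):
    """True if bh= in the first DKIM-Signature equals the hash of the current body."""
    m = re.search(r"\bbh=([^;]+)", msg["DKIM-Signature"] or "")
    return bool(m) and re.sub(r"\s+", "", m.group(1)) == relaxed_body_hash(msg.get_payload())

def rename_old_signatures(msg, prefix="X-Old-"):
    """Rename every DKIM-Signature header in place, keeping header order and values."""
    headers = msg.items()
    for name in msg.keys():
        del msg[name]
    renamed = 0
    for name, value in headers:
        if name.lower() == "dkim-signature":
            name, renamed = prefix + name, renamed + 1
        msg[name] = value
    return renamed

def build_sample():
    """Constructed message whose bh= is correct for its (unmodified) body."""
    body = "Hello list,\n\nplease discuss.\n"
    raw = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\n"
           " s=constructed; h=from:subject; bh=" + relaxed_body_hash(body) + ";\n"
           " b=CONSTRUCTED\n"
           "From: sender@example.org\nSubject: test\n\n" + body)
    return message_from_string(raw)

def add_list_footer(msg):
    """What a footer-appending list does to the body (footer text is constructed)."""
    msg.set_payload(msg.get_payload() + "_______\nexample list footer\n")

if __name__ == "__main__":
    msg = build_sample()
    print("before list:", bh_matches(msg))
    add_list_footer(msg)
    print("after footer:", bh_matches(msg))
    print("renamed:", rename_old_signatures(msg), msg.keys())
```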
