Wow, what a thread. So, to be clear, we don't treat DKIM failure any different than if the message lacks DKIM, at least in general (its always possible there are manual rules that do things differently that were targeted at specific campaigns, and I'm not sure if the ML thinks differently, but this isn't one of those cases)
This was not that, it was exactly what others have pointed out, if you deliver mail to gmail over ipv6 and its not authenticated, we're going to be more strict about it. mailop should be adding a dkim signature to its messages, or maybe only doing it for messages that pass authentication on inbound. Changing the >From header won't help, this isn't a DMARC based rejection. Sure, you can switch to ipv4, but really, auth isn't really optional anymore (more of our ipv6 specific rules are being changed to apply equally to ipv4 these days). I'm surprised that no one has fixed mailman's bounce handling to be smarter, a 5.7.1 response is a per-user per-message filter, and shouldn't be used as an immediate suspension. Of course, there's no specific way to handle this stuff, but bounce handling typically should have "stop sending soon" for things like "user not found", and "stop sending in the medium term" if most messages soft or hard bounce. Where you draw those lines is up for interpretation (its not uncommon for servers to get misconfigured and reject based on bogus "user not found" errors), and may be challenging if your list engine doesn't keep track of successes & failures. Whether to remove existing signatures, we do choose to do that because unfortunately we've seen a small percentage of servers that do reject messages with broken DKIM signatures. Although small, our enterprise customers get irritated when that happens, ymmv. Also, computing a dkim signature has a cost, leaving in a broken signature for everyone to spend effort evaluating when you're otherwise making changes to the message seems rude. Brandon On Sat, Apr 27, 2019 at 3:04 AM Simon Lyall <si...@darkmere.gen.nz> wrote: > FYI > > The below message was bounced by everyone (I assume) in the list > whose address is hosted by gmail. > > Date: Wed, 24 Apr 2019 08:44:58 -0600 > From: Brielle Bruns <br...@2mbit.com> > Subject: Re: [mailop] The utility of spam folders > > Error message similar to this: > > SMTP error from remote mail server after end of data: > host aspmx.l.google.com [2a00:1450:400c:c00::1b]: > 550-5.7.1 This message does not have authentication information or > fails to pass > 550-5.7.1 authentication checks. To best protect our users from spam, > the > 550-5.7.1 message has been blocked. Please visit > 550-5.7.1 > https://support.google.com/mail/answer/81126#authentication for more > 550 5.7.1 information. i5si14352580wrp.442 - gsmtp > > > The subscriptions of around 160 list-members were suspended. I'll look at > unsuspending them. > > Simon. > List Moderator > Just back from Holiday > > -- > Simon Lyall | Very Busy | Web: http://www.simonlyall.com/ > "To stay awake all night adds a day to your life" - Stilgar > > > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
