i see that grant and rob are having a lovely time down-thread but i have
nothing to add so i'll make this my final reply, this time to mr. iverson.
Al Iverson via mailop wrote on 2022-04-14 19:40:
On Thu, Apr 14, 2022 at 12:00 PM Jaroslaw Rafa via mailop
<mailop@mailop.org> wrote:
... Once Google's AI decides (for no apparent reason) that
it will reject e-mails from you, or put them to recipients' spam folder,
there's pretty much nothing you can do about it.
so, i am not jaroslaw rafa, but i do have a related observation.
That is false.
Cheers,
Al Iverson
and cheers to you, old comrade. let me share some of my related story.
last thanksgiving or so (nov/dec 2021) i began hearing errors from gmail
when trying to reach mailboxes they hosted. turned out it was a demand
for SPF and DKIM, which i sheepishly then implemented. alas, this just
led to the next echelon, which looked like this:
<$person@$place.com>: host aspmx.l.google.com[2607:f8b0:400e:c08::1b] said:
550-5.7.1 [2001:559:8000:cd::4 19] Our system has detected that this
550-5.7.1 message is likely suspicious due to the very low reputation of the
550-5.7.1 sending domain. To best protect our users from spam, the message has
550-5.7.1 been blocked. Please visit
550 5.7.1 https://support.google.com/mail/answer/188131 for more information.
v67si211465pfv.268 - gsmtp (in reply to end of DATA command)
i guessed and hoped that this reputation score would decay but after a
week it hadn't so i signed up with sendgrid as my outbound relay for
google hosted recipients, just to keep my mailing lists flowing. note,
this was a bad move and i regret it, postfix doesn't do what i wanted.
on a guess, i went through my historical maillogs to see what i may have
been transmitting toward gmail that could earn me a bad reputation, and
i found it immediately. bad bots had been joe-jobbing gmail.com
recipients using my mailman signup page. every request mailman sent to
one of these spoofed addresses looked to gmail like templated spam. i
sheepishly turned on SPF verification for inbound so that i'd reject
spoofed-source gmail.com mail, and also robot-proofed mailman's signup
page to keep these addresses from bypassing my SPF checks.
again i waited, hoping for decay. and note that while the user interface
of gmail's complaints wasn't good, all errors so far in this story had
been mine. i wasn't happy but i wasn't pointing fingers (yet.) anyway, a
week went by and no change. i got busy and forgot about it until a few
months later when sendgrid's renew-bot asked for another payment.
on another guess, i renumbered my outbound e-mail server, that is, i
changed only the last octet (low-order 8 bits), preserving the hostname
and DKIM key and making no changes to the SPF data. presto, it worked!
it should not have worked! what i did was too trivial to count as an
"imposed cost" by gmail.com as a defender, had i been an actual
attacker. if renumbering a host within the same netblock would bypass a
test, then that test is an ill-conceived self-defeat (or self-harm).
however, a lot of e-mail between members of my community and members of
gmail's community were bounced over a five month period, with me having
no recourse except to pay sendgrid and finally to renumber my server.
perhaps gmail as a hyper scale company has to throw out a lot of babies
with their bathwater and hope to make it up in volume. but i do not
think this is the reputation gmail wants to have -- or claims to have.
so, al, if upon hearing this story you're minded to say "paul, you
idiot, all you had to do was $thing", then i am minded to listen. if not
then i think jaroslaw rafa's assertion that you said was false, is true.
--
P Vixie
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
