Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears.

2016-03-23 Thread Dave Warren 

On 2016-03-22 10:39, Michael Wise wrote:

We have convinced some of the Powers That Be that we should find another 
solution, and there is an open-ness to change on this behavior. Not gonna be 
this week or this month ... who can say for sure. But noise is being made about 
it.


Awesome, and thank you for that!

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Yahoo DMARC changes

2016-03-23 Thread Dave Warren 

On 2016-03-23 16:32, Franck Martin via mailop wrote:
In fact, these providers offer OAUTH2 to allow you to send as using 
their infrastructure, and if you have bigger needs, many domains are 
going cheap at the moment...


Not ideal, but some options...



Are there really that many customers using freemail domains, yet paying 
for ESP services? For realsies? And if so, wouldn't this be an obvious 
upsell opportunity or partnership to get these customers using their own 
domain?


--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Yahoo DMARC changes

2016-03-23 Thread Franck Martin via mailop 
In fact, these providers offer OAUTH2 to allow you to send as using their
infrastructure, and if you have bigger needs, many domains are going cheap
at the moment...

Not ideal, but some options...

On Wed, Mar 23, 2016 at 3:45 PM, Steve Atkins  wrote:

>
> > On Mar 23, 2016, at 3:16 PM, Joel Beckham  wrote:
> >
> >
> > It's likely that ARC will become the new - much better - workaround
> eventually, modulo the inevitable deployment issues. http://arc-spec.org
> >
> > I thought that ARC doesn't help with the ESP use case, or am I missing
> something there?
>
> Probably not, no. The long term answer there is probably much the same as
> the short term one - declining to send mail "from" users of those consumer
> ISPs who've published p=reject records, and encouraging them to get an
> email address elsewhere (whether that be an email address controlled by the
> ESP or one from a more appropriate mailbox provider).
>
> Cheers,
>   Steve
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Yahoo DMARC changes

2016-03-23 Thread Steve Atkins 

> On Mar 23, 2016, at 3:16 PM, Joel Beckham  wrote:
> 
> 
> It's likely that ARC will become the new - much better - workaround 
> eventually, modulo the inevitable deployment issues. http://arc-spec.org
> 
> I thought that ARC doesn't help with the ESP use case, or am I missing 
> something there?

Probably not, no. The long term answer there is probably much the same as the 
short term one - declining to send mail "from" users of those consumer ISPs 
who've published p=reject records, and encouraging them to get an email address 
elsewhere (whether that be an email address controlled by the ESP or one from a 
more appropriate mailbox provider).

Cheers,
  Steve



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Yahoo DMARC changes

2016-03-23 Thread Joel Beckham 
>
> It's likely that ARC will become the new - much better - workaround
> eventually, modulo the inevitable deployment issues. http://arc-spec.org
> 
>

I thought that ARC doesn't help with the ESP use case, or am I missing
something there?
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears.

2016-03-23 Thread Aaron C. de Bruyn 
On Wed, Mar 23, 2016 at 10:16 AM, Michael Peddemors 
wrote:

> On 16-03-18 11:28 AM, Rodgers, Anthony (DTMB) wrote:
>
>> Dropping Email has been acceptable ever since unwanted email has occurred.
>>
>
I suppose it's your server, do what you want.
If I was your customer, I'd be pissed that you silently trash messages
without notifying the sender/receiver.


> There are obvious cases where this is the only option.  Technically, the
> ONLY case where email can be rejected, is during the MUA->MTA or MTA->MTA
> connection.  Once that connection has been severed, there is no guaranteed
> way that any form of notifying the sender will work, as the 'sender'
> address cannot be guaranteed to be valid, or accept any form of
> non-delivery.
>

Easy enough--make the decision while the connection is active.
Or, once the connection is closed I personally believe your only option is
to deliver it to the inbox or spam folder.
If you do virus scanning out-of-band, trash the message and send a report
to the inbox or spam folder in place of the infected message.  Or just
strip the attachment.


> What if you are in jurisdiction where delivering emails of a specific
> content is illegal?
>

Delete the message and deliver a 'notice' in its place.  "A message from
b...@foo.bar was deleted because it contained " should be sufficient.


>
> What if the recipient has indicated that he wants it dropped, rather than
> be delivered?
>

That's entirely a different matter.  If I (as the end user) delete a
message it's my decision.  If I decide to create a mail rule to delete
messages with certain strings, it's still my decision.  If something
'important' was deleted on accident, I still only have myself to blame.

Contrast this with the issue I was complaining about with Microsoft
properties.  Company A was e-mailing users of Microsoft's service.  I'm
guessing those users didn't decide that all mail from Company A's IP
address should be silently dropped--especially since they are paying
customers of Company A.  They get invoices from Company A.  They regularly
communicate with Company A.

That's the problem.

If Company A's mail server simply started getting "550 You are blocked
because of SPAM" and maybe a URL for a way to easily resolve the issue, I
don't think anyone would be upset or annoyed.

Honestly, my first response to anyone having delivery problems to Microsoft
is usually "Microsoft is probably down again.  Check again in a few hours.
Maybe tomorrow."  (
http://blogs.technet.com/b/exchange/archive/2004/04/08/109626.aspx)

After 4 hours I might start investigating.

With other providers, I get a 550 GO AWAY message almost immediately and
can respond to that right away.  You can't respond to "Is it a delay in
delivery, a service outage, or magical e-mail deletion?" right away.

-A
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears.

2016-03-23 Thread Michelle Sullivan 

Brandon Long via mailop wrote:

I think it's a numbers problem.

If you handle a high enough volume of mail, if you sometimes drop 
mail, and sometimes have false positives that you drop... you will 
eventually reach a volume of dropped false positives that will have 
visible affects.


Ie, if you reach a point of dropping 100k or 1M good messages, you're 
going to have a bad time.


And, dropping mail that the user tells you to drop is fine, obviously.



As court documents can be delivered by email in some jurisdictions it'll 
be interesting the first time something that affects judgement is dropped.


.. I have recently been on the receiving end and it cost me just under 
€5000 ... The damages are currently in debate with the company concerned 
and they are looking at whether the provider is responsible (actually 
they're trying to blame the provider, however they mis-typed an email 
... 'gmail.com.mt' != 'gmail.com' and they're just trying to find a 
reason why it's not their fault.)


Regards,

Michelle

--
Michelle Sullivan
http://www.mhix.org/


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears.

2016-03-23 Thread Brandon Long via mailop 
I think it's a numbers problem.

If you handle a high enough volume of mail, if you sometimes drop mail, and
sometimes have false positives that you drop... you will eventually reach a
volume of dropped false positives that will have visible affects.

Ie, if you reach a point of dropping 100k or 1M good messages, you're going
to have a bad time.

And, dropping mail that the user tells you to drop is fine, obviously.

Brandon

On Wed, Mar 23, 2016 at 10:16 AM, Michael Peddemors 
wrote:

> On 16-03-18 11:28 AM, Rodgers, Anthony (DTMB) wrote:
>
>> “…delete it without delivering it to the intended recipient’s INBOX or
>> Junk folder with no NDR…”
>>
>> When did dropping mail on the floor become acceptable? Or am I just
>> grumpy?
>>
>> Nobody wants backscatter, but that’s what SMTP-time DSNs are for, no?
>>
>
> Dropping Email has been acceptable ever since unwanted email has occurred.
>
> There are obvious cases where this is the only option.  Technically, the
> ONLY case where email can be rejected, is during the MUA->MTA or MTA->MTA
> connection.  Once that connection has been severed, there is no guaranteed
> way that any form of notifying the sender will work, as the 'sender'
> address cannot be guaranteed to be valid, or accept any form of
> non-delivery.
>
> Once the email handler takes ownership, of course it can set any standards
> on what it wants to deliver.  For instance, if it believes the message is
> spam, and the recipient has requested that 'all' email be forwarded to a
> remote account, forwarding that email could make it appear that the
> forwarder is the source of spam.
>
> Should you deliver malicious or harmful vectors to a person's email box?
> (Eg, a Virus laden attachment?)
>
> What if you are in jurisdiction where delivering emails of a specific
> content is illegal?
>
> What if the recipient has indicated that he wants it dropped, rather than
> be delivered?
>
> There are many reasons why rejection action cannot always happen at
> 'SMTP-time', however yes that should be the first line of defence.
>
> And especially in very high volume environments, not all delivery logic is
> possible during SMTP (well, anything is possible), especially in mixed use
> environments, where the logic needed to determine file routing/filtering
> may take longer than is acceptable for an SMTP conversation.
>
>
>
> --
> "Catch the Magic of Linux..."
> 
> Michael Peddemors, President/CEO LinuxMagic Inc.
> Visit us at http://www.linuxmagic.com @linuxmagic
> 
> A Wizard IT Company - For More Info http://www.wizard.ca
> "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
> 
> 604-682-0300 Beautiful British Columbia, Canada
>
> This email and any electronic data contained are confidential and intended
> solely for the use of the individual or entity to which they are addressed.
> Please note that any views or opinions presented in this email are solely
> those of the author and are not intended to represent those of the company.
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone with a TrustWave contact that they can send me offlist?

2016-03-23 Thread Michael Peddemors 


 
--

"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears.

2016-03-23 Thread Michael Peddemors 

On 16-03-18 11:28 AM, Rodgers, Anthony (DTMB) wrote:

“…delete it without delivering it to the intended recipient’s INBOX or
Junk folder with no NDR…”

When did dropping mail on the floor become acceptable? Or am I just grumpy?

Nobody wants backscatter, but that’s what SMTP-time DSNs are for, no?


Dropping Email has been acceptable ever since unwanted email has occurred.

There are obvious cases where this is the only option.  Technically, the 
ONLY case where email can be rejected, is during the MUA->MTA or 
MTA->MTA connection.  Once that connection has been severed, there is no 
guaranteed way that any form of notifying the sender will work, as the 
'sender' address cannot be guaranteed to be valid, or accept any form of 
non-delivery.


Once the email handler takes ownership, of course it can set any 
standards on what it wants to deliver.  For instance, if it believes the 
message is spam, and the recipient has requested that 'all' email be 
forwarded to a remote account, forwarding that email could make it 
appear that the forwarder is the source of spam.


Should you deliver malicious or harmful vectors to a person's email box? 
 (Eg, a Virus laden attachment?)


What if you are in jurisdiction where delivering emails of a specific 
content is illegal?


What if the recipient has indicated that he wants it dropped, rather 
than be delivered?


There are many reasons why rejection action cannot always happen at 
'SMTP-time', however yes that should be the first line of defence.


And especially in very high volume environments, not all delivery logic 
is possible during SMTP (well, anything is possible), especially in 
mixed use environments, where the logic needed to determine file 
routing/filtering may take longer than is acceptable for an SMTP 
conversation.




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Yahoo DMARC changes

2016-03-23 Thread Steve Atkins 

> On Mar 22, 2016, at 9:35 PM,   wrote:
> 
> Are you taking that approach because the workaround is less than ideal?  
> Otherwise the current “workaround” could be the new standard.

The workaround is terrible and breaks basic email functionality.

It's likely that ARC will become the new - much better - workaround eventually, 
modulo the inevitable deployment issues. http://arc-spec.org

Cheers,
  Steve

>  
> Frank
>  
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Vick Khera
> Sent: Tuesday, March 22, 2016 8:54 PM
> To: mailop 
> Subject: Re: [mailop] Yahoo DMARC changes
>  
>  
> On Tue, Mar 22, 2016 at 7:52 PM, Steve Atkins  wrote:
>> So if you've been doing anything special with forwarders or mailing lists 
>> for yahoo.com
>>  
>> it's probably a good idea to do it for their other domains too in the next 
>> few days.
>  
> When Y! first set up p=reject on their main domain, we built our system's 
> evasive maneuvers to work around it to be domain independent. Our systems do 
> a DNS lookup for the DMARC record and if they find p=reject or p=quarantine 
> and we do not sign using their From address in the domain, we automatically 
> enable the workarounds to avoid falling in the trap. No manual configuration 
> necessary.
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears.

2016-03-23 Thread Gilles Chehade 
On Tue, Mar 22, 2016 at 05:39:43PM +, Michael Wise wrote:
> We have convinced some of the Powers That Be that we should find another 
> solution, and there is an open-ness to change on this behavior. Not gonna be 
> this week or this month ... who can say for sure. But noise is being made 
> about it.
> 

very very cool, this mail dropping thing is absurd and pretty much any
other option as harsh as it can be is going to be a better response :)

let us know if you need a megaphone to amplify your noise !

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop