[mailop] Codisto - anyone familiar with this?
Hello, I'm working deliverability & compliance at Klaviyo these days. We've noticed that we are having delivery problems to Codisto lately. It's an inventory management system for ecommerce, so I can see why our customers are emailing them. We'd like to better understand the issue. I reached out to their postmaster@ address, but wanted to check here as well to hear if anyone has any contacts there or has had similar issues. Thanks, Autumn Tyr-Salvia tyrsalvia@gmail autumn.tyrsalvia@klaviyo ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] DMARC verification issues at infomaniak.com
On 2022-01-26 at 10:15:44 UTC-0500 (Wed, 26 Jan 2022 16:15:44 +0100) Renaud Allard via mailop is rumored to have said: On 1/26/22 15:19, Bastian Blank via mailop wrote: On Wed, Jan 26, 2022 at 12:54:50PM +0100, Renaud Allard via mailop wrote: I am getting DMARC rejections at infomaniak.com. There seems to be an issue in their DMARC verifications. I tested DMARC sending to gmail which confirms me DMARC is OK for that domain. The email you sent to this list does not contain an alligned DKIM signature: | Reply-To: Renaud Allard | DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=default; bh=+XmUCCU2fEMU | vKLp3lZ2fc0YxNWXp3p9vFNlEBumO6w=; h=subject:from:to:date; | d=arnor.org; | b=gD+aAMh6+qNuDcF47kV1yXRqap+nbpqRy769CSCYOwa2vqThXVawUPJywGeHdTdSzasB | SfUBPQFvaj+2pA2Fxvlix0MfUPJc0pdcZyYWrKly3UWUkw4bQeM8p+9DdmBVOckXoafrwr | i6DW4c9HbVX6Vp1Q7kAg/PKkihEE+uxKIQdmdvXkrB3LHhxHomykI3b56rN2ShzNOJ2wmG | 1hECC6Otb3lSJAXei8teW/kj60LKRKdol/4TXJOhLlj1Pmz9uLHbgVlSck2K+Hp1Ok0Ku9 | JC1wFecDjxP5RMM82lEOyXzLmWvrdz7y/utDL2Hdjtp2IW6/igkTtjyx1yrFY3eA== The address seems to be @allard.it, but it is signed for arnor.org. You need to make sure both domains are alligned. Thank you for the tip. I have now aligned the domains. But it's quite strange that: 1: it worked for infomaniak.com till today 2: it works for every other provider One other possible cause of that is a result of using the 'simple/simple' message canonicalizationn for DKIM. That is VERY fragile, and breaks when a MTA does any sort of trivial modification (e.g. adding/removing <> around bare addresses in a To/Cc header.) Even with 'relaxed/relaxed' there are edge cases with some MTAs (i.e Sendmail) that do "helpful" things in delivery. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] DMARC verification issues at infomaniak.com
On 1/26/22 15:19, Bastian Blank via mailop wrote: On Wed, Jan 26, 2022 at 12:54:50PM +0100, Renaud Allard via mailop wrote: I am getting DMARC rejections at infomaniak.com. There seems to be an issue in their DMARC verifications. I tested DMARC sending to gmail which confirms me DMARC is OK for that domain. The email you sent to this list does not contain an alligned DKIM signature: | Reply-To: Renaud Allard | DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=default; bh=+XmUCCU2fEMU | vKLp3lZ2fc0YxNWXp3p9vFNlEBumO6w=; h=subject:from:to:date; | d=arnor.org; | b=gD+aAMh6+qNuDcF47kV1yXRqap+nbpqRy769CSCYOwa2vqThXVawUPJywGeHdTdSzasB | SfUBPQFvaj+2pA2Fxvlix0MfUPJc0pdcZyYWrKly3UWUkw4bQeM8p+9DdmBVOckXoafrwr | i6DW4c9HbVX6Vp1Q7kAg/PKkihEE+uxKIQdmdvXkrB3LHhxHomykI3b56rN2ShzNOJ2wmG | 1hECC6Otb3lSJAXei8teW/kj60LKRKdol/4TXJOhLlj1Pmz9uLHbgVlSck2K+Hp1Ok0Ku9 | JC1wFecDjxP5RMM82lEOyXzLmWvrdz7y/utDL2Hdjtp2IW6/igkTtjyx1yrFY3eA== The address seems to be @allard.it, but it is signed for arnor.org. You need to make sure both domains are alligned. Thank you for the tip. I have now aligned the domains. But it's quite strange that: 1: it worked for infomaniak.com till today 2: it works for every other provider smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] DMARC verification issues at infomaniak.com
On Wed, Jan 26, 2022 at 12:54:50PM +0100, Renaud Allard via mailop wrote: > I am getting DMARC rejections at infomaniak.com. There seems to be an issue > in their DMARC verifications. I tested DMARC sending to gmail which confirms > me DMARC is OK for that domain. Please provide us with the DKIM header you use. DMARC has the brokeness that it considers both SPF and DKIM okay. So you need to evaluate both. Bastian -- History tends to exaggerate. -- Col. Green, "The Savage Curtain", stardate 5906.4 ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] DMARC verification issues at infomaniak.com
On Wed, Jan 26, 2022 at 12:54:50PM +0100, Renaud Allard via mailop wrote: > I am getting DMARC rejections at infomaniak.com. There seems to be an issue > in their DMARC verifications. I tested DMARC sending to gmail which confirms > me DMARC is OK for that domain. The email you sent to this list does not contain an alligned DKIM signature: | Reply-To: Renaud Allard | DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=default; bh=+XmUCCU2fEMU | vKLp3lZ2fc0YxNWXp3p9vFNlEBumO6w=; h=subject:from:to:date; | d=arnor.org; | b=gD+aAMh6+qNuDcF47kV1yXRqap+nbpqRy769CSCYOwa2vqThXVawUPJywGeHdTdSzasB | SfUBPQFvaj+2pA2Fxvlix0MfUPJc0pdcZyYWrKly3UWUkw4bQeM8p+9DdmBVOckXoafrwr | i6DW4c9HbVX6Vp1Q7kAg/PKkihEE+uxKIQdmdvXkrB3LHhxHomykI3b56rN2ShzNOJ2wmG | 1hECC6Otb3lSJAXei8teW/kj60LKRKdol/4TXJOhLlj1Pmz9uLHbgVlSck2K+Hp1Ok0Ku9 | JC1wFecDjxP5RMM82lEOyXzLmWvrdz7y/utDL2Hdjtp2IW6/igkTtjyx1yrFY3eA== The address seems to be @allard.it, but it is signed for arnor.org. You need to make sure both domains are alligned. Bastian -- You can't evaluate a man by logic alone. -- McCoy, "I, Mudd", stardate 4513.3 ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] DMARC verification issues at infomaniak.com
On 1/26/22 14:35, Andrew C Aitchison via mailop wrote: On Wed, 26 Jan 2022, Renaud Allard via mailop wrote: On 1/26/22 13:12, Andrew C Aitchison via mailop wrote: On Wed, 26 Jan 2022, Renaud Allard via mailop wrote: I am getting DMARC rejections at infomaniak.com. There seems to be an issue in their DMARC verifications. I tested DMARC sending to gmail which confirms me DMARC is OK for that domain. Is there anyone here from infomaniak who can check this issue? Jan 26 12:28:02 isildur smtpd[8927]: 7d3268f1d44f2cad mta delivery evpid=b037b0d7d3e854e6 from=<@waucquez.org> to=<*@avocats-verbruggen.be> rcpt=<-> source="192.168.254.2" relay="83.166.143.58 (mx02.infomaniak.com)" delay=2s result="PermFail" stat="550 5.7.1 rejected by DMARC policy for waucquez.org" # host _dmarc.waucquez.org _dmarc.waucquez.org is an alias for _dmarc.arnor.org. # host -t any _dmarc.arnor.org. _dmarc.arnor.org descriptive text "v=DMARC1; p=reject; sp=reject; pct=100;" Looks to me that infomaniak are doing what you/waucquez.org/arnor.org requested. I indeed asked to reject mails when DMARC fails, not when DMARC is OK. So, while it's indeed applying the policy correctly in case of a failure, it doesn't return the correct answer for the checks... You are correct. # host -t txt waucquez.org waucquez.org descriptive text "v=spf1 redirect=arnor.org" # host -t txt arnor.org arnor.org descriptive text "v=spf1 mx a:isildur.arnor.org a:amandil.arnor.org a:elendil.arnor.org a:elrond.arnor.org a:mail.openbsd.org -all" ... which does not include "192.168.254.2" :-) But it includes the NATted IP from which the server is going out ;) So 83.166.143.58 (mx02.infomaniak.com) is failing the message on SPF because of the internal route through their system. They are ideed at fault. My apologies. smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] DMARC verification issues at infomaniak.com
On Wed, 26 Jan 2022, Renaud Allard via mailop wrote: On 1/26/22 13:12, Andrew C Aitchison via mailop wrote: On Wed, 26 Jan 2022, Renaud Allard via mailop wrote: I am getting DMARC rejections at infomaniak.com. There seems to be an issue in their DMARC verifications. I tested DMARC sending to gmail which confirms me DMARC is OK for that domain. Is there anyone here from infomaniak who can check this issue? Jan 26 12:28:02 isildur smtpd[8927]: 7d3268f1d44f2cad mta delivery evpid=b037b0d7d3e854e6 from=<@waucquez.org> to=<*@avocats-verbruggen.be> rcpt=<-> source="192.168.254.2" relay="83.166.143.58 (mx02.infomaniak.com)" delay=2s result="PermFail" stat="550 5.7.1 rejected by DMARC policy for waucquez.org" # host _dmarc.waucquez.org _dmarc.waucquez.org is an alias for _dmarc.arnor.org. # host -t any _dmarc.arnor.org. _dmarc.arnor.org descriptive text "v=DMARC1; p=reject; sp=reject; pct=100;" Looks to me that infomaniak are doing what you/waucquez.org/arnor.org requested. I indeed asked to reject mails when DMARC fails, not when DMARC is OK. So, while it's indeed applying the policy correctly in case of a failure, it doesn't return the correct answer for the checks... You are correct. # host -t txt waucquez.org waucquez.org descriptive text "v=spf1 redirect=arnor.org" # host -t txt arnor.org arnor.org descriptive text "v=spf1 mx a:isildur.arnor.org a:amandil.arnor.org a:elendil.arnor.org a:elrond.arnor.org a:mail.openbsd.org -all" ... which does not include "192.168.254.2" :-) So 83.166.143.58 (mx02.infomaniak.com) is failing the message on SPF because of the internal route through their system. They are ideed at fault. My apologies. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] DMARC verification issues at infomaniak.com
On 1/26/22 13:12, Andrew C Aitchison via mailop wrote: On Wed, 26 Jan 2022, Renaud Allard via mailop wrote: I am getting DMARC rejections at infomaniak.com. There seems to be an issue in their DMARC verifications. I tested DMARC sending to gmail which confirms me DMARC is OK for that domain. Is there anyone here from infomaniak who can check this issue? Jan 26 12:28:02 isildur smtpd[8927]: 7d3268f1d44f2cad mta delivery evpid=b037b0d7d3e854e6 from=<@waucquez.org> to=<*@avocats-verbruggen.be> rcpt=<-> source="192.168.254.2" relay="83.166.143.58 (mx02.infomaniak.com)" delay=2s result="PermFail" stat="550 5.7.1 rejected by DMARC policy for waucquez.org" # host _dmarc.waucquez.org _dmarc.waucquez.org is an alias for _dmarc.arnor.org. # host -t any _dmarc.arnor.org. _dmarc.arnor.org descriptive text "v=DMARC1; p=reject; sp=reject; pct=100;" Looks to me that infomaniak are doing what you/waucquez.org/arnor.org requested. I indeed asked to reject mails when DMARC fails, not when DMARC is OK. So, while it's indeed applying the policy correctly in case of a failure, it doesn't return the correct answer for the checks... smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] DMARC verification issues at infomaniak.com
On Wed, 26 Jan 2022, Renaud Allard via mailop wrote: I am getting DMARC rejections at infomaniak.com. There seems to be an issue in their DMARC verifications. I tested DMARC sending to gmail which confirms me DMARC is OK for that domain. Is there anyone here from infomaniak who can check this issue? Jan 26 12:28:02 isildur smtpd[8927]: 7d3268f1d44f2cad mta delivery evpid=b037b0d7d3e854e6 from=<@waucquez.org> to=<*@avocats-verbruggen.be> rcpt=<-> source="192.168.254.2" relay="83.166.143.58 (mx02.infomaniak.com)" delay=2s result="PermFail" stat="550 5.7.1 rejected by DMARC policy for waucquez.org" # host _dmarc.waucquez.org _dmarc.waucquez.org is an alias for _dmarc.arnor.org. # host -t any _dmarc.arnor.org. _dmarc.arnor.org descriptive text "v=DMARC1; p=reject; sp=reject; pct=100;" Looks to me that infomaniak are doing what you/waucquez.org/arnor.org requested. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] DMARC verification issues at infomaniak.com
Hello, I am getting DMARC rejections at infomaniak.com. There seems to be an issue in their DMARC verifications. I tested DMARC sending to gmail which confirms me DMARC is OK for that domain. Is there anyone here from infomaniak who can check this issue? Jan 26 12:28:02 isildur smtpd[8927]: 7d3268f1d44f2cad mta delivery evpid=b037b0d7d3e854e6 from=<@waucquez.org> to=<*@avocats-verbruggen.be> rcpt=<-> source="192.168.254.2" relay="83.166.143.58 (mx02.infomaniak.com)" delay=2s result="PermFail" stat="550 5.7.1 rejected by DMARC policy for waucquez.org" Thank you, Best Regards smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] DMARC Reports to aliexpress.com won't be delivered.
Hello Mailop members, I'm sending daily DMARC Reports from my mailserver. In the past times, i received a lot undelivered mails from postmas...@aliyun.com that the mailbox dmarc...@service.alibaba.com from the _dmarc.aliexpress.com DNS record is full. I had also contacted postmas...@aliyun.com, but i hadn't received an answer yet. Does someone from this mailing list also have this issue and know how to contact aliexpress.com. The only option to resolve this issue, that aliexpress clean their mailbox or that i block aliexpress.com for dmarc delivery. In general, there are also a lot of other _dmarc. records, that have e-mail addresses that doesn't work and generate undelivered messages. ``` 您发送的邮件被退回,相关信息如下: 发件人:dmarcrep...@joder.li 主题:Report Domain: aliexpress.com Submitter: joder.li Report-ID: aliexpress.com.1643065215.1643151610 原文:邮件原文包含在附件中。 时间:2022年01月26日 07:05:44 CST 无法发送到dmarc...@service.alibaba.com 系统应答:(11) 退信原因:收件方邮箱可用容量不足,或该邮件大小超过收件方系统对单封邮件的限制,导致邮件被系统退回。 解决建议:1.请联系收件方确认其有足够的空间;2.请联系收件方确认当前邮件大小是否超过对方对单封邮件的大小限制,如有附件可通过webmail以超大附件发送;3.请临时发送到收件方预留的备用邮箱。 Sorry to bounce your email, Information related below: Sender: dmarcrep...@joder.li Subject: Report Domain: aliexpress.com Submitter: joder.li Report-ID: aliexpress.com.1643065215.1643151610 Original: Original email has been attached. Date: Wed, 26 Jan 2022 07:05:44 +0800 Can not deliver to dmarc...@service.alibaba.com Reply:(11) Reason:There is no enough available space in the recipient mailbox, or your mail size is larger than the limit of the recipient Email system. Solution:1.Please contact the recipient to make sure there is enough space in his mailbox;2.Please contact the recipient to check if the current mail size is larger than the limit of his mail system. If there is any attachment, you can transfer it as a BigAttach with Webmail;3.Please send the mail to the backup Email address of the recipient. ``` Thanks Noa ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop