Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Brandon Long via mailop
On Mon, Sep 19, 2022 at 3:16 PM Slavko via mailop  wrote:

> On 19 September 2022 21:44:08 UTC, Brandon Long via mailop <mailop@mailop.org> wrote:
>
> >Using machine learning for personal mail or very few users, not sure if
> >that's likely to be worth the investment unless you want to learn a lot
> >about it.  You are likely to have a good history of "good" mail in an
> >archive, at least, which means a model to learn what to whitelist may
> >work well.
>
> While I build my own archive of SPAMs, it is still small amount of messages
> in numbers. I do not access delivered messages without exact user's
> acknowledge (despite that I can), but that are small numbers too. Thus
> after initial experiments, I abandon the mentioned neural (and fuzzy)
> rspamd's modules as wasting of resources (at least in my case).
>
> Would be great, if some bigger providers can share their models after
> training, but that again comes with problems, first is trust, then updates,
> and (of course) format, thus IMO that cannot work, at least not yet. But
> perhaps it will evolve to something widely usable (as RBLDNS are) in
> future.
>
>
Models are highly dependent on the features (signals) they use, and computing
those features would also need to be opened with the model... and it would
make it easier for spammers to design email to avoid the model, somewhat.

In our case, the model also highly relies on a bunch of other systems such as
the reputation for particular email features such as IPs and domains.

There is also the general question of whether a given model contains "PII"
because it was trained on user PII.  Publishing models is complicated.

Brandon
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Slavko via mailop
On 19 September 2022 21:44:08 UTC, Brandon Long via mailop wrote:

>Using machine learning for personal mail or very few users, not sure if
>that's likely to be worth the investment unless you want to learn a lot
>about it.  You are likely to have a good history of "good" mail in an
>archive, at least, which means a model to learn what to whitelist may
>work well.

While I build my own archive of SPAMs, it is still small amount of messages
in numbers. I do not access delivered messages without exact user's
acknowledge (despite that I can), but that are small numbers too. Thus
after initial experiments, I abandon the mentioned neural (and fuzzy)
rspamd's modules as wasting of resources (at least in my case).

Would be great, if some bigger providers can share their models after
training, but that again comes with problems, first is trust, then updates,
and (of course) format, thus IMO that cannot work, at least not yet. But
perhaps it will evolve to something widely usable (as RBLDNS are) in
future.

regards


-- 
Slavko
https://www.slavino.sk/


Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Brandon Long via mailop
On Mon, Sep 19, 2022 at 2:39 PM Slavko via mailop  wrote:

> On 19 September 2022 20:45:27 UTC, Brandon Long <bl...@google.com> wrote:
>
> >The simple answer is you add that signal to the list of other signals in
> >your machine learning model and let the model training figure out how
> >useful it is as a signal and what to combine it with.  Depending on the
> >type of ML, you may or may not be able to see in the model the utility of
> >the specific signal.
>
> I did some experiments with rspamd's neural module recently, but the
> results had too high false positives (up to 25 %). I cannot decide, if its
> model fails or here was low messages count in learn stage or I configure
> it wrong, or whatever else. But with this result, it is not reliably usable
> for me, and I cannot build anything based on its results.
>
> I am not aware of any other tool, which one can "simple use" in
> mail processing. And to learn it from scratch and to build my own
> model/tool I have not enough time nor knowledge nor experiences in
> that.
>
> Anyway, I do not believe the machine learning systems mostly, when I
> consider that it will have bugs in code, bugs in models (as any SW
> has) and mistakes in learning, that is not something what I want
> to rely on it, despite that it is big buzzword nowadays.
>

Yes, this assumes that you're already using a machine learning system and
have enough ham & spam to feed it, and ongoing signals and re-training and
all of that.  It is certainly not trivial to get working.

Using machine learning for personal mail or very few users, not sure if
that's likely to be worth the investment unless you want to learn a lot
about it.  You are likely to have a good history of "good" mail in an
archive, at least, which means a model to learn what to whitelist may
work well.

Brandon


Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Slavko via mailop
On 19 September 2022 20:45:27 UTC, Brandon Long wrote:

>The simple answer is you add that signal to the list of other signals in
>your machine learning model and let the model training figure out how
>useful it is as a signal and what to combine it with.  Depending on the
>type of ML, you may or may not be able to see in the model the utility of
>the specific signal.

I did some experiments with rspamd's neural module recently, but the
results had too high false positives (up to 25 %). I cannot decide, if its
model fails or here was low messages count in learn stage or I configure
it wrong, or whatever else. But with this result, it is not reliably usable
for me, and I cannot build anything based on its results.

I am not aware of any other tool, which one can "simple use" in
mail processing. And to learn it from scratch and to build my own
model/tool I have not enough time nor knowledge nor experiences in
that.

Anyway, I do not believe the machine learning systems mostly, when I
consider that it will have bugs in code, bugs in models (as any SW
has) and mistakes in learning, that is not something what I want
to rely on it, despite that it is big buzzword nowadays.

regards


-- 
Slavko
https://www.slavino.sk/


Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Brandon Long via mailop
On Mon, Sep 19, 2022 at 12:43 PM Slavko via mailop wrote:

> On 19 September 2022 19:05:38 UTC, Brandon Long <bl...@google.com> wrote:
>
> >I think many people here will point out that user interface changes will
> >have little effect on how customers interact with spam/phishing.
> >
> >At best, these interfaces are useful to already expert users looking for
> >breadcrumbs or what to do administratively.
>
> I agree with both, it was what I want point to.
>
> >In the end, the quarantine policy is a hint to the mailbox provider as to
> >how to disposition that message, whether it's an admin level quarantine,
> >or just dropping the message in the spam folder/label, or adding a
> >warning to users, or even ignoring it.
>
> Yes, that is as I handle it -- Spam folder if not enough bad, but it
> requires to maintain list of exceptions, eg. for some MLs or known
> forwarders. That WL is not big problem for me thanks to small user base.
> But I cannot imagine that on big providers, thus one cannot rely on that
> how various destinations will act on it when setting own policy,
> especially for not commercial/personal domains, where users can
> use very different mail flows.
>

The simple answer is you add that signal to the list of other signals in
your machine learning model and let the model training figure out how useful
it is as a signal and what to combine it with.  Depending on the type of ML,
you may or may not be able to see in the model the utility of the specific
signal.

You can probably do something smarter than that if you really thought it
was a good signal.  Or, you can just use it to change the "default" result
of your spam pipeline for a given message (from ham to spam), so the existing
whitelisting signals override it, but otherwise it just goes to spam, and you
can then compare its accuracy against other rules and signals.

There have also been arguments on the dmarc lists about whether there is a
useful distinction between quarantine and reject, whether just having
pass/fail would have been sufficient or how often do domains stay at
quarantine, is it just a step to reject...

Brandon
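
The default-flip approach described in the message above, sketched as an added example (not code from the thread or from any provider's pipeline). The message fields, the whitelist, the score threshold and the sample corpus are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Msg:
    name: str
    dmarc_result: str    # "pass" or "fail"
    dmarc_policy: str    # published p=: "none", "quarantine" or "reject"
    dkim_domains: tuple  # d= domains whose DKIM signatures verified
    score: float         # combined score from the other spam rules
    is_spam: bool        # ground-truth label (constructed)


# Assumed exception list: signing domains of known mailing lists/forwarders.
WHITELIST_DKIM = {"lists.example.org"}
SPAM_THRESHOLD = 5.0     # assumed threshold of the existing rules


def whitelisted(m):
    return any(d in WHITELIST_DKIM for d in m.dkim_domains)


def dmarc_signal(m):
    """Raw signal: DMARC failed and the domain asked for quarantine/reject."""
    return m.dmarc_result == "fail" and m.dmarc_policy in ("quarantine", "reject")


def dmarc_signal_effective(m):
    """The signal as the pipeline sees it, after the whitelist override."""
    return dmarc_signal(m) and not whitelisted(m)


def score_rule(m):
    return m.score >= SPAM_THRESHOLD


def disposition(m, use_dmarc_default=True):
    # The DMARC signal only moves the *default* verdict from ham to spam.
    default = "spam" if (use_dmarc_default and dmarc_signal(m)) else "inbox"
    if whitelisted(m):       # existing whitelisting signals override it
        return "inbox"
    if score_rule(m):        # existing spam rules still apply
        return "spam"
    return default


def rule_stats(messages, rule):
    """Hits, true/false positives and precision of one rule on labelled mail."""
    hits = [m for m in messages if rule(m)]
    tp = sum(m.is_spam for m in hits)
    return {
        "hits": len(hits),
        "true_pos": tp,
        "false_pos": len(hits) - tp,
        "precision": tp / len(hits) if hits else None,
    }


def pipeline_accuracy(messages, use_dmarc_default):
    ok = sum((disposition(m, use_dmarc_default) == "spam") == m.is_spam
             for m in messages)
    return ok / len(messages)


# Constructed sample corpus (not real mail).
CORPUS = [
    Msg("spoof-bank",        "fail", "reject",     (),                     2.0, True),
    Msg("list-post",         "fail", "quarantine", ("lists.example.org",), 0.5, False),
    Msg("unknown-forwarder", "fail", "quarantine", (),                     1.0, False),
    Msg("normal",            "pass", "none",       ("friend.example",),    0.2, False),
    Msg("content-spam",      "pass", "none",       ("bulk.example",),      8.0, True),
    Msg("spoof-p-none",      "fail", "none",       (),                     3.0, True),
    Msg("spoof-scored",      "fail", "quarantine", (),                     6.5, True),
    Msg("spoof-quiet",       "fail", "reject",     (),                     1.5, True),
]

if __name__ == "__main__":
    for label, rule in (("dmarc raw", dmarc_signal),
                        ("dmarc after whitelist", dmarc_signal_effective),
                        ("score rule", score_rule)):
        print(f"{label:24s}", rule_stats(CORPUS, rule))
    print("accuracy without DMARC default:", pipeline_accuracy(CORPUS, False))
    print("accuracy with DMARC default:   ", pipeline_accuracy(CORPUS, True))
```

On this corpus the unknown forwarder is the remaining false positive, which is the exception-list maintenance cost raised in the quoted reply.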


Re: [mailop] Blocked on Earthlink.net

2022-09-19 Thread WIlliam Fisher via mailop

replied off list

On 9/19/22 1:31 PM, Lionel Thevenin via mailop wrote:


Hello,

I have a deliverability issue on earthlink.net. All emails are
rejected with the text bounce : “550 5.7.1 Sender rejected -
ELNK001_306 -
https://postmaster-earthlink.vadesecure.com/inbound_error_codes/#_306”

I contacted Vadesecure but they told me :

“Thanks to the provided information, I've got confirmation that the
mail address contact@ was blacklisted by Earthlink.

I suggest that you reach them if this address should not be blocked.”

(I hide the address on purpose)

I tried to contact earthlink on postmas...@earthlink.net and
ab...@earthlink.net but I am not getting a response.

Does anyone know another way to contact them ?

Lionel THEVENIN
DELIVERABILITY CONSULTANT
Experience optimization - Campaign managed services
Tel :  +6 35.42.96.64
theve...@adobe.com
Remote, Paris, FRANCE

Have a look at the Adobe Campaign Deliverability Best Practice Guide for
tried and true tactics to keep your email in the inbox.

Please note upcoming days out of office & Adobe holidays: March 8,
April 2, May 3, May 28-June 1, June 18, July 5-9





[mailop] ARC field experience (was: Re: DMARC Stockholm syndrome, Reject vs spam folders)

2022-09-19 Thread Dave Crocker via mailop


On 9/19/2022 8:07 AM, Alessandro Vesely via mailop wrote:
ARC is the authentication of choice in this case because, being 
devised for this task, it is supposedly straightforward to configure 
for it, whereas whitelisting after SPF or DKIM smells like a hack. 


ARC is moderately complicated technology.  I know its header fields are 
showing up, but nothing about the state of real-world receiver-side 
processing.


And ARC has been around long enough that it is probably worth asking for 
reports on style of use and degree of efficacy.


d/



Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Slavko via mailop
On 19 September 2022 19:05:38 UTC, Brandon Long wrote:


>I think many people here will point out that user interface changes will
>have little effect on how customers interact with spam/phishing.
>
>At best, these interfaces are useful to already expert users looking for
>breadcrumbs or what to do administratively.

I agree with both, it was what I want point to.

>In the end, the quarantine policy is a hint to the mailbox provider as to
>how to disposition that message, whether it's an admin level quarantine,
>or just dropping the message in the spam folder/label, or adding a
>warning to users, or even ignoring it.

Yes, that is as I handle it -- Spam folder if not enough bad, but it requires
to maintain list of exceptions, eg. for some MLs or known forwarders.
That WL is not big problem for me thanks to small user base. But I
cannot imagine that on big providers, thus one cannot rely on that
how various destinations will act on it when setting own policy,
especially for not commercial/personal domains, where users can
use very different mail flows.

>have a lot more impact on user behavior than trying to explain to the user
>why with technical jargon.

Explaining it, even in nontechnical jargon, will fail in most cases too
(now I tried it on my wife :-D ).

One thing, where I found these authentication useful is whitelisting,
I can relative reliable to distinguish (otherwise broken) mails eg. by
DKIM/DMARC domain, in some cases even by SPF domain. But again,
that works only for domains, where I expect the same flow for all its
senders, not for mix of different things (as eg. gmail is).

regards


-- 
Slavko
https://www.slavino.sk/


Re: [mailop] Blocked on Earthlink.net

2022-09-19 Thread Lionel Thevenin via mailop
It is for a customer of Adobe. As a deliverability consultant, I try to find a 
solution to their problem.

 Lionel THEVENIN  |  Deliverability Consultant  |  Adobe  |  +33 
6.35.42.96.64  |  theve...@adobe.com

-Original Message-
From: Anne Mitchell  
Sent: Monday, 19 September 2022 20:19
To: Lionel Thevenin 
Cc: mailop@mailop.org
Subject: Re: [mailop] Blocked on Earthlink.net


Is this for a domain through which Adobe is sending email on behalf of Adobe or 
an Adobe subsidiary, or is it for a customer of Adobe for whom you are acting 
as an ESP?

---
We provide the Good Senders email sender reputation certification list to inbox 
providers around the world. Learn more at gettotheinbox.com

Anne P. Mitchell,  Esq.
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

> On Sep 19, 2022, at 11:31 AM, Lionel Thevenin via mailop  
> wrote:
>
> Hello,
>
> I have a deliverability issue on earthlink.net. All emails are 
> rejected with the text bounce : "550 5.7.1 Sender rejected - 
> ELNK001_306 - 
> https://postmaster-earthlink.vadesecure.com/inbound_error_codes/#_306"
> I contacted Vadesecure but they told me :
> "Thanks to the provided information, I've got confirmation that the mail 
> address contact@ was blacklisted by Earthlink.
> I suggest that you reach them if this address should not be blocked."
>
> (I hide the address on purpose)
> I tried to contact earthlink on postmas...@earthlink.net and 
> ab...@earthlink.net  but I am not getting a response.
> Does anyone know another way to contact them ?
>
> Lionel THEVENIN
> DELIVERABILITY CONSULTANT
> EXPERIENCE OPTIMIZATION - CAMPAIGN MANAGED SERVICES
> Tel :  +6 35.42.96.64
> theve...@adobe.com
> Remote, Paris, FRANCE
>
> Have a look at the Adobe Campaign Deliverability Best Practice Guide for 
> tried and true tactics to keep your email in the inbox.
> Please note upcoming days out of office & Adobe holidays: March 8, 
> April 2, May 3, May 28-June 1, June 18, July 5-9
>


Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Dan Mahoney via mailop


> On Sep 19, 2022, at 09:15, John Levine via mailop  wrote:
> 
> It appears that Jim Popovitch via mailop  said:
>> On Mon, 2022-09-19 at 17:07 +0200, Alessandro Vesely via mailop wrote:
>>> 
>>> ARC is the authentication of choice in this case because, being devised for 
>>> this task, it is supposedly straightforward to configure for it, whereas 
>>> whitelisting after SPF or DKIM smells like a hack.
>> 
>> I wish ARC was straightforward to configure and implement, but sadly I
>> haven't experienced that. ...
> 
> I entirely agree that ARC isn't yet ready for prime time.  I know the
> guy who runs OpenARC and I believe he is looking for people to resume
> work, but even at the big gorillas they are not yet using it to
> fix mailing list filtering mistakes.

Arc's biggest problem is that nobody trusts it, because it's a second party 
sender.  I.e. why should gmail trust lists.foobar.org to sign for 
microsoft.com.  I mean, if foobar was known-trustworthy, then maybe.  (Other 
examples, perhaps, might be nanog.org, mailop, ietf, etc).

I run a fairly large mailman install at the day job, where we talk about a 
piece of open-source DNS software.  I'd like to think we're trustworthy.  We've 
had our mailing lists since before gmail existed :)

Getting openARC running, using the standard FreeBSD port was not terribly hard, 
(but could have been more straightforward, I'll admit), and we're arc-sealing 
with our existing DKIM keys, using openARC.  Those arc seals are validating, at 
least according to the validator gmail is running.

I also have commit access to the Trusted Domain Project's repositories, and 
want to do more things with this, but I am not natively a C coder.  I'm trying 
to wrangle community patches into play between github and sourceforge, get 
better documentation written, and spin up more CI infrastructure, as well as 
triage the "this needs code" fixes that someone else can review.

My current task (as you may have seen in an earlier post) is trying to get a 
version of openDKIM that supports newer encryption types into a released 
version, and that I am sure also plays nice with openSSL 3.0 (i.e. doesn't just 
stop validating sha1 because some OS packager decided anything with that algo 
is bad) and also solving any latent CVEs.  I think OpenDKIM has one, but it's 
about the test suite, which most people never run, but I'd like to fix it 
anyway.

OpenARC could certainly use more docs about where in the milter chain to put 
it, and on which machines.

-Dan



Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Brandon Long via mailop
On Mon, Sep 19, 2022 at 11:44 AM Slavko via mailop wrote:

> On 19 September 2022 15:38:35 UTC, Dave Crocker via mailop <mailop@mailop.org> wrote:
> >
> >On 9/17/2022 8:12 AM, Jim Popovitch via mailop wrote:
> >> and DMARC was to fix what DKIM broke,
> >> and DKIM was to fix what SPF broke, and SPF was to fix (what was SPF
> >> suppose to fix, oh yeah... provider greed and irresponsibility).
> >
> >DKIM didn't break anything.  It has limitations, as do all technologies.
>
> I agree. Problem with DKIM is not DKIM itself, but its misuse. We all here
> meet the interpretation of broken DKIM signature as sign of something
> bad, which is against RFC (hi rspamd's DKIM reputation).
>
> Even SPF doesn't break things, it only make visible another (often used)
> problem -- that forwarding does not use own envelope sender. And IMO
> it doesn't matter that RFC doesn't prohibit it, nor that there can be
> problem to decide what to use as sender, it was bad from start (or at
> least from time when Internet connection becomes reliable enough years ago).
>
> The main problem is DMARC. While great idea, which can solve a lot
> of fake mails, it is good (its strict policy) only for domains, which
> haven't appear in indirect flow at all, eg. banks, B2B, etc.
>
> Anyone can do research by self. How many ESP's (or other email)
> providers suggest to use p=none only as start point and then to switch
> to strict policy for all? I remember only one article, which suggest for
> most domains to stay on none policy, if there is not good enough
> reason to use something more strict.
>
> Even its RFC is really poor about the p=none and/or missing DMARC
> record at all. That is IMO meaningful too. And I will not repeat, that
> use of SPF/DKIM for DMARC itself is its misuse.
>
> Another (IMO biggest) problem of all of them is, who have to decide
> about them. Eg. How can users to interpret "quarantined" DMARC
> messages? How many MUAs provides some UI for that? And even
> when MUAs will provide it, how users will be able to identify why
> something fails? Especially when most of them know near nothing
> about cryptography, mail flows, even nor about DNS. (as previous
> thread shows, many of them even are not able to check his Spam
> folder.) If users will be not able (and they will not) to distinguish
> legitimate mail from fake one, whole quarantine policy is pointless.
>

I think many people here will point out that user interface changes will
have little effect on how customers interact with spam/phishing.

At best, these interfaces are useful to already expert users looking for
breadcrumbs or what to do administratively.

In the end, the quarantine policy is a hint to the mailbox provider as to
how to disposition that message, whether it's an admin level quarantine, or
just dropping the message in the spam folder/label, or adding a warning to
users, or even ignoring it.  Surfacing the fact that dmarc failed is only
going to change user behavior on the margins, but placing the message in the
spam folder or making all links in the message non-clickable will have a lot
more impact on user behavior than trying to explain to the user why with
technical jargon.

Brandon


Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Brandon Long via mailop
On Sat, Sep 17, 2022 at 11:10 AM Dave Crocker via mailop wrote:

>
> On 9/16/2022 7:35 PM, Brandon Long via mailop wrote:
>
> So, while AOL & Yahoo were the vanguard for mass consumer providers, the
> problems were already being experienced by many corporate domains before
> that, and even more since.
>
> The issue is not that the abuse was/is not real but that the method of
> responding to it was chosen in a manner that externalized the problem to
> innocent third-parties, breaking what they had been doing for 40 years.
>
> It would be good not to be cavalier about this, just because those
> experiencing the collateral damage are not our users.
>
Every spam false positive is collateral damage experienced by both the
sender and receiver.  And every spam false negative is another nail in
email's coffin.  Is that not also collateral damage to "not our users",
especially since this thread is spawned from the oligopoly discussion as
complaints from small senders?

Aren't RBL's based on the power of collateral damage?

DMARC was not new in its externalization.   Maybe the forced change to
semantics makes it different in some way, or who was hit was different,
sure.

Brandon


Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Slavko via mailop
On 19 September 2022 15:38:35 UTC, Dave Crocker via mailop wrote:
>
>On 9/17/2022 8:12 AM, Jim Popovitch via mailop wrote:
>> and DMARC was to fix what DKIM broke,
>> and DKIM was to fix what SPF broke, and SPF was to fix (what was SPF
>> suppose to fix, oh yeah... provider greed and irresponsibility).
>
>DKIM didn't break anything.  It has limitations, as do all technologies.

I agree. Problem with DKIM is not DKIM itself, but its misuse. We all here
meet the interpretation of broken DKIM signature as sign of something
bad, which is against RFC (hi rspamd's DKIM reputation).

Even SPF doesn't break things, it only make visible another (often used)
problem -- that forwarding does not use own envelope sender. And IMO
it doesn't matter that RFC doesn't prohibit it, nor that there can be problem
to decide what to use as sender, it was bad from start (or at least from
time when Internet connection becomes reliable enough years ago).

The main problem is DMARC. While great idea, which can solve a lot
of fake mails, it is good (its strict policy) only for domains, which
haven't appear in indirect flow at all, eg. banks, B2B, etc.

Anyone can do research by self. How many ESP's (or other email)
providers suggest to use p=none only as start point and then to switch
to strict policy for all? I remember only one article, which suggest for
most domains to stay on none policy, if there is not good enough
reason to use something more strict.

Even its RFC is really poor about the p=none and/or missing DMARC
record at all. That is IMO meaningful too. And I will not repeat, that
use of SPF/DKIM for DMARC itself is its misuse.

Another (IMO biggest) problem of all of them is, who have to decide
about them. Eg. How can users to interpret "quarantined" DMARC
messages? How many MUAs provides some UI for that? And even
when MUAs will provide it, how users will be able to identify why
something fails? Especially when most of them know near nothing
about cryptography, mail flows, even nor about DNS. (as previous
thread shows, many of them even are not able to check his Spam
folder.) If users will be not able (and they will not) to distinguish
legitimate mail from fake one, whole quarantine policy is pointless.

WHEN something is broken, nothing other can fix it, because that
will only introduce other problems. The only reason is to fix what
is broken or abandon it at all. (I do not think, that DMARC have to
abandoned, I consider it as good idea, only not for universal use)

regards


-- 
Slavko
https://www.slavino.sk/


Re: [mailop] Blocked on Earthlink.net

2022-09-19 Thread Anne Mitchell via mailop
Is this for a domain through which Adobe is sending email on behalf of Adobe or 
an Adobe subsidiary, or is it for a customer of Adobe for whom you are acting 
as an ESP?

---
We provide the Good Senders email sender reputation certification list to inbox 
providers
around the world. Learn more at gettotheinbox.com

Anne P. Mitchell,  Esq.
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

> On Sep 19, 2022, at 11:31 AM, Lionel Thevenin via mailop  
> wrote:
> 
> Hello,
>  
> I have a deliverability issue on earthlink.net. All emails are rejected with 
> the text bounce : “550 5.7.1 Sender rejected - ELNK001_306 - 
> https://postmaster-earthlink.vadesecure.com/inbound_error_codes/#_306”
> I contacted Vadesecure but they told me : 
> “Thanks to the provided information, I've got confirmation that the mail 
> address contact@ was blacklisted by Earthlink.
> I suggest that you reach them if this address should not be blocked.”
> 
> (I hide the address on purpose)
> I tried to contact earthlink on postmas...@earthlink.net and 
> ab...@earthlink.net  but I am not getting a response.
> Does anyone know another way to contact them ?
>  
> Lionel THEVENIN
> DELIVERABILITY CONSULTANT
> EXPERIENCE OPTIMIZATION - CAMPAIGN MANAGED SERVICES 
> Tel :  +6 35.42.96.64  
> theve...@adobe.com
> Remote, Paris, FRANCE
> 
>  
> Have a look at the Adobe Campaign Deliverability Best Practice Guide for 
> tried and true tactics to keep your email in the inbox.
> Please note upcoming days out of office & Adobe holidays: March 8, April 2, 
> May 3, May 28-June 1, June 18, July 5-9
>  


[mailop] Blocked on Earthlink.net

2022-09-19 Thread Lionel Thevenin via mailop
Hello,

I have a deliverability issue on earthlink.net. All emails are rejected with 
the text bounce : "550 5.7.1 Sender rejected - ELNK001_306 - 
https://postmaster-earthlink.vadesecure.com/inbound_error_codes/#_306"

I contacted Vadesecure but they told me :

"Thanks to the provided information, I've got confirmation that the mail 
address contact@ was blacklisted by Earthlink.
I suggest that you reach them if this address should not be blocked."

(I hide the address on purpose)

I tried to contact earthlink on postmas...@earthlink.net and 
ab...@earthlink.net but I am not getting a response.

Does anyone know another way to contact them ?

Lionel THEVENIN
DELIVERABILITY CONSULTANT
Experience optimization - Campaign managed services
Tel :  +6 35.42.96.64
theve...@adobe.com
Remote, Paris, FRANCE

Have a look at the Adobe Campaign Deliverability Best Practice Guide for tried 
and true tactics to keep your email in the inbox.
Please note upcoming days out of office & Adobe holidays: March 8, April 2, May 
3, May 28-June 1, June 18, July 5-9



Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread John Levine via mailop
It appears that Jim Popovitch via mailop  said:
>On Mon, 2022-09-19 at 17:07 +0200, Alessandro Vesely via mailop wrote:
>> 
>> ARC is the authentication of choice in this case because, being devised for 
>> this task, it is supposedly straightforward to configure for it, whereas 
>> whitelisting after SPF or DKIM smells like a hack.
>
>I wish ARC was straightforward to configure and implement, but sadly I
>haven't experienced that. ...

I entirely agree that ARC isn't yet ready for prime time.  I know the
guy who runs OpenARC and I believe he is looking for people to resume
work, but even at the big gorillas they are not yet using it to
fix mailing list filtering mistakes.

R's,
John


Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Jim Popovitch via mailop
On Mon, 2022-09-19 at 17:07 +0200, Alessandro Vesely via mailop wrote:
> 
> ARC is the authentication of choice in this case because, being devised for 
> this task, it is supposedly straightforward to configure for it, whereas 
> whitelisting after SPF or DKIM smells like a hack.

I wish ARC was straightforward to configure and implement, but sadly I
haven't experienced that.  Can teams at Google, Microsoft, AOL, etc.,
wrap ARC into their offerings, sure.  Can I wrap ARC into my mail flows,
not without a team.  Generally that team would be something like
OpenDKIM, OpenDMARC, Postfix, or even Mailman (although the latter one
have moved on to a product version that even they often admit isn't
ready for full replacement of the version of Mailman I use).  Now, you
might be thinking that OpenARC is the solution, but it isn't, and it
appears to be abandoned (last commit was 4 years ago, and there are
currently 31 outstanding issues).  Should I jump in and try to help
resolve 31 open issues in an abandoned project?  Let's see who the
project was created by and associated with... oh look, OpenDKIM and
OpenDMARC (those other technologies that promised solutions that now
need ARC to solve).  I know I'm on a soapbox here, but looking back this
whole band-aid after band-aid of wrap-around solution(s) for email
delivery sounds more like a Congressional/Legislative "solution" of
promise after promise rather than a solid solution.  This is why the
bigbox mailbox providers are winning.

-Jim P.





Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Dave Crocker via mailop


On 9/17/2022 8:12 AM, Jim Popovitch via mailop wrote:

and DMARC was to fix what DKIM broke,
and DKIM was to fix what SPF broke, and SPF was to fix (what was SPF
suppose to fix, oh yeah... provider greed and irresponsibility).


DKIM didn't break anything.  It has limitations, as do all technologies.

DMARC did break effective third-party handling.

And providers don't create spam.  So your cleverness wasn't.

d/




Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

2022-09-19 Thread Alessandro Vesely via mailop

On Sat 17/Sep/2022 17:12:00 +0200 Jim Popovitch wrote:

On Sat, 2022-09-17 at 11:48 +0200, Alessandro Vesely via mailop wrote:


Yes, ARC can fix what DMARC broke.  


You must be new around here :)

If ARC is fixing what DMARC broke, and DMARC was to fix what DKIM broke,
and DKIM was to fix what SPF broke, and SPF was to fix (what was SPF
suppose to fix, oh yeah... provider greed and irresponsibility).   Have
we fixed that last part yet, because I don't think ARC is going to be
any better at fixing the real problem.



I agree it sounds funny.  In fact, it'd be enough to SPF-authenticate mailop in 
order to whitelist its messages, dmarc=fail notwithstanding.  The point of my 
draft is not so much how to authenticate, as to offer a non-munged option for 
mailing list delivery.


ARC is the authentication of choice in this case because, being devised for 
this task, it is supposedly straightforward to configure for it, whereas 
whitelisting after SPF or DKIM smells like a hack.



Best
Ale
--




