Re: [mailop] Noticed Google now suggests changing envelope sender for forwarding

[Byung-Hee HWANG via mailop]

> "no auth, no entry"

This is it, thanks!


Sincerely, Byung-Hee
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SRS? Was Noticed Google now suggests changing envelope sender for forwarding

[Brandon Long via mailop]

On Thu, Jun 1, 2023 at 11:20 AM Alessandro Vesely via mailop <
mailop@mailop.org> wrote:

> On Thu 01/Jun/2023 17:45:38 +0200 Robert L Mathews wrote:
> > So I guess it's time to add SRS rewriting for Gmail addresses...!
>
>
> The only points I see in SRS are mailbox full or oversize.  You ought to
> notify
> the author that the message got lost.  It is just a temporary feature,
> though.
>
> But this does not happen so frequently any more.  Disk space went cheaper
> and
> cheaper, and mailbox limits are not so tight any more.  Permanent
> failures,
> 5xx, are permanent, like cancelled account.  In that case, SRS doesn't do
> a
> good job.  It is better to remove the forwarding instructions completely,
> no?
>

I feel like SRS is trying to be something more than just VERP, but the more
was never really flushed out.

The "more" is validation that you generated the address, so you can ignore
mail that isn't actually a bounce... perhaps if
it starts getting spam or whatever.

The issue is that bounces may occur after days, so you would need to make
your address usable for days.  And you might get
transient bounce messages ("still trying"), or the next hop may not rewrite
and forward to multiple addresses...

Anyways, most folks seem to be fine with just a less validated approach, up
to them.

Gmail's forwarding has always used a VERPs like approach with the +=caf
semantics, and yes, repeated bounces of certain types
can lead to the forwarding being disabled... though, there's obviously
issues with stopping forwarding because customers may never
be checking the forwarding account.

Also, 5xx means permanent failure just for that transaction, not for the
account ever... though one can try and deduce whether the latter is true.

Anyways, obviously folks who forward should not respond to the sending
server until the message has been accepted by the forwarding server, and any
smtp rejection should be propagated directly to the sender... oh, and spam
check before even attempting to forward, of course.

Brandon
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Noticed Google now suggests changing envelope sender for forwarding

[Bill Cole via mailop]

On 2023-06-01 at 13:58:22 UTC-0400 (Thu, 01 Jun 2023 19:58:22 +0200)
Benny Pedersen via mailop 
is rumored to have said:

> default in all mta, at least postfix is to use new envelope sender so spf 
> works from new sender domain, why not keep it simple ?

That is simply FALSE.


Sendmail and Postfix DO NOT change the envelope sender for mail forwarded via 
alias or .forward mechanisms. That's the whole reason SRS tools exist.

-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Noticed Google now suggests changing envelope sender for forwarding

[Michael Peddemors via mailop]

+ 1 (I believe you of course mean remote forwards)

On 2023-06-01 10:58, Benny Pedersen via mailop wrote:

if this is complicated, don't use forwards



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] SRS? Was Noticed Google now suggests changing envelope sender for forwarding

[Alessandro Vesely via mailop]

On Thu 01/Jun/2023 17:45:38 +0200 Robert L Mathews wrote:

So I guess it's time to add SRS rewriting for Gmail addresses...!



The only points I see in SRS are mailbox full or oversize.  You ought to notify 
the author that the message got lost.  It is just a temporary feature, though.


But this does not happen so frequently any more.  Disk space went cheaper and 
cheaper, and mailbox limits are not so tight any more.  Permanent failures, 
5xx, are permanent, like cancelled account.  In that case, SRS doesn't do a 
good job.  It is better to remove the forwarding instructions completely, no?



Best
Ale


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Noticed Google now suggests changing envelope sender for forwarding

[Benny Pedersen via mailop]

Robert L Mathews via mailop skrev den 2023-06-01 17:45:

Maybe other people have noticed and discussed this and I'm just behind
the times, but for more than a decade, Google specifically said:

"Avoid changing the envelope sender when forwarding email to Gmail."


lets use forged original sender, works much better :)


(You can see this as recently as last November at
.)


default in all mta, at least postfix is to use new envelope sender so 
spf works from new sender domain, why not keep it simple ?


note there google will see this non aligned in dmarc since its a forward


Because of that, we didn't do it. But I noticed that the current page
at  now says the exact
opposite:

"Change the envelope sender to reference your forwarding domain."

So I guess it's time to add SRS rewriting for Gmail addresses...!


no

SRS just hide all fails, it does not solve all fails, don't use SRS

google is right, use local adresses on the forward host that can bounce 
back to original sender local, if this is complicated, don't use 
forwards


Life is good, use linux

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Transparency is key... Here is a perfect example.. M3AAWG is coming.. time to take a stance?

[Alessandro Vesely via mailop]

On Wed 31/May/2023 00:13:38 +0200 Michael Peddemors via mailop wrote:

18.156.43.163   (M)   1   guardpost-n08.euc1.mailgun.co
18.157.58.83    (M)   1   guardpost-n07.euc1.mailgun.co
18.157.75.126   (M)   1   guardpost-n01.euc1.mailgun.co
18.158.176.19   (M)   1   guardpost-n02.euc1.mailgun.co
18.197.223.145  (M)   1   guardpost-n05.euc1.mailgun.co

Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: ab...@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited 
https://icann.org/epp#clientTransferProhibited

Registry Registrant ID: REDACTED FOR PRIVACY

whois on the IP?

18.156.0.0/14 AMAZO-ZFRA
Organization:   A100 ROW GmbH (RG-123)



The difference between names and numbers is amazing:

At https://rdap.arin.net/registry/ip/18.156.0.0
among other things you find:

registrant:
A100 ROW GmbH
Marcel-Breuer-Strasse 10\nMunchen\n\n80807\nGermany

abuse:
Amazon EC2 Abuse
ab...@amazonaws.com
+1-206-555-
Abuse of Amazon Web Services
The activity you have detected originates from a dynamic hosting environment.
For fastest response, please submit abuse reports via the AWS webform:
https://repost.aws/knowledge-center/report-aws-abuse
If your company system is configured to automatically send abuse reports, 
please send them to ab...@amazonaws.com including:

* src IP
* dest IP (your IP)
* dest port
* Accurate date/timestamp and timezone of activity
* Intensity/frequency (short log extracts)
* Your contact details (phone and email)

technical:
Amazon EC2 Network Operations
amzn-noc-cont...@amazon.com

noc:
Amazon AWS Network Operations
amzn-noc-cont...@amazon.com
+1-206-555-

administrative:
IP Management
ipmanagem...@amazon.com
+1-703-464-1336


Best
Ale
--













___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Noticed Google now suggests changing envelope sender for forwarding

[Aaron Richton via mailop]

On Thu, 1 Jun 2023, Robert L Mathews via mailop wrote:

Maybe other people have noticed and discussed this and I'm just behind 
the times, but for more than a decade, Google specifically said:


"Avoid changing the envelope sender when forwarding email to Gmail."


You're kind of proving the point with the archive.org link -- but you're 
not behind the times per se, the problem was the system behavior changed 
without the documentation changing.


(The other issue is that one of the common 5xx texts in this scenario 
references "PTR records," as Jarland's thread last month discussed -- 
which sadly gets you looking in the wrong direction.)


Nice to see docs that match reality, and it's also interesting to see the 
hat tip toward ARC for forwarding...


(You can see this as recently as last November at 
.)


Because of that, we didn't do it. But I noticed that the current page at 
 now says the exact opposite:


"Change the envelope sender to reference your forwarding domain."

So I guess it's time to add SRS rewriting for Gmail addresses...!

--
Robert L Mathews
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Noticed Google now suggests changing envelope sender for forwarding

[Brandon Long via mailop]

This is related to the note on https://support.google.com/mail/answer/81126

> Important: Starting November 2022, new senders who send email to Google
Gmail accounts must set up either SPF or DKIM

which is to say, what they're saying is use a domain you control and
authenticate it, and make an effort to not forward spam.

"no auth, no entry"

Brandon

On Thu, Jun 1, 2023 at 8:56 AM Robert L Mathews via mailop <
mailop@mailop.org> wrote:

> Maybe other people have noticed and discussed this and I'm just behind
> the times, but for more than a decade, Google specifically said:
>
> "Avoid changing the envelope sender when forwarding email to Gmail."
>
> (You can see this as recently as last November at
> <
> https://web.archive.org/web/20221127015217/https://support.google.com/mail/answer/175365
> >.)
>
> Because of that, we didn't do it. But I noticed that the current page at
>  now says the exact
> opposite:
>
> "Change the envelope sender to reference your forwarding domain."
>
> So I guess it's time to add SRS rewriting for Gmail addresses...!
>
> --
> Robert L Mathews
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Someone from nifty.com / sion.ne.jp an this list?

[Michael Peddemors via mailop]

On 2023-05-30 06:36, Michael Peddemors via mailop wrote:

On 2023-05-29 22:36, Hans-Martin Mosner via mailop wrote:
There's been an ongoing phishing wave originating from nifty.com. I 
(and most likely others) have sent abuse reports, but the root of the 
problem apparently hasn't been found and fixed. Would you please see 
that this phishing stops? If you contact me off-list, I will provide 
you with the addresses which we've seen in case you can use that to 
pinpoint the issue.


Cheers,
Hans-Martin


106.153.226.33    1   mta-snd1.nifty.com
    106.153.226.38 1   mta-snd6.nifty.com
    106.153.226.39 1   mta-snd7.nifty.com
106.153.227.36    1   mta-snd01004.nifty.com
    106.153.227.38 1   mta-snd01006.nifty.com
    106.153.227.42 1   mta-snd01010.nifty.com
    106.153.227.43 1   mta-snd01011.nifty.com
    106.153.227.44 1   mta-snd01012.nifty.com
    106.153.227.45 1   mta-snd01013.nifty.com
106.153.228.1 2   mta-snd00101.nifty.com
    106.153.228.2  1   mta-snd00102.nifty.com
    106.153.228.3  3   mta-snd00103.nifty.com
    106.153.228.4  3   mta-snd00104.nifty.com
    106.153.228.5  3   mta-snd00105.nifty.com
    106.153.228.6  1   mta-snd00106.nifty.com
    106.153.228.33 3   mta-snd01101.nifty.com
    106.153.228.34 3   mta-snd01102.nifty.com
    106.153.228.35 4   mta-snd01103.nifty.com
    106.153.228.36 4   mta-snd01104.nifty.com
    106.153.228.37 4   mta-snd01105.nifty.com
    106.153.228.38 3   mta-snd01106.nifty.com

Going on for about a week now...

Lot of invalid users, but the ones that go through are pretty obvious..

From: Unfeigned Pharmacy-Market 
X-Priority: 1 (High)
Message-ID: <305495318.20230530150...@nifty.ne.jp>
Subject: Buy premium generic medication products here.

Right now treating like gmail spam, but if it keeps up, might have to 
get more aggressive..





Addendum:

We also see that it is a 'backscatter' issue over there..

Return-Path: <>
Received: from mta-snd00102.nifty.com (HELO osmta0018.nifty.com) 
(106.153.228.2)

by SNIPPED  (TLS_AES_256_GCM_SHA384 encrypted) ESMTPS
(16123842-0095-11ee-8143-fb3903172121); Thu, 01 Jun 2023 08:58:03 -0700
To: SNIPED
From: 
Subject: =?iso-2022-jp?B?GyRCJWEhPCVrQXc/LiUoJWkhPERMQ04bKEI=?=
Date: Fri, 2 Jun 2023 00:58:01 +0900
Message-ID: 
<20230601155801020.cagn.109110.omta01-spam-nf-airoymnf00fep...@nifty.com>


Someone should let them know that gets them blacklisted fast.. ;)



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Noticed Google now suggests changing envelope sender for forwarding

[Robert L Mathews via mailop]

Maybe other people have noticed and discussed this and I'm just behind 
the times, but for more than a decade, Google specifically said:


"Avoid changing the envelope sender when forwarding email to Gmail."

(You can see this as recently as last November at 
.)


Because of that, we didn't do it. But I noticed that the current page at 
 now says the exact opposite:


"Change the envelope sender to reference your forwarding domain."

So I guess it's time to add SRS rewriting for Gmail addresses...!

--
Robert L Mathews
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop