Re: [mailop] Gmail now deferring email which meets their published reqs
On Sat, Dec 30, 2023 at 9:52 AM Simon Wilson via mailop wrote: > I know, I'm not alone in this... :( > > I like to think that it's still feasible to run one's own email. I have > for many years, and currently manage about a dozen email domains for family > and friends. Most of the time all good. > > Then today my dad says to me "Why am I getting these bounce messages?" > > I check, and Gmail are deferring an email he sends every week to a group > of friends, 20 all up, 15 of them on Gmail, saying his SPF domain is a > source of unsolicited email (421-4.7.28). Outlook and Hotmail accept OK. > > This domain is old, not compromised, has SPF, DKIM (1024bit), DMARC, all > valid. We send using TLS. We have correct PTR. His emails go out fully > signed and pass checks. We don't send commercial emails, and that domain > name is low volume and all emails individually written and sent through a > webmail client, none of it is automated. > > Are we wasting time even trying any more? > > You can't even submit a request to them for help, because they ignore it > unless you attach valid and current mis-classified headers from within > gmail. Umm.. how can I do that when they're not accepting the email? > > Simon Wilson > M: 0400 121 116 > I am a victim of these Gmail theatrics as well. I manage a server and it runs two mail domains - my.co.ke and nog.ke. Everything is all setup like yours. And on this server we have Mailman3 lists, which are low volume really, because Whatsapp/Telegram/Signal all happened. Just suddenly Gmail refused to accept emails from this server, saying that: ``` 2023-12-25 09:29:51.230 1rHeTF-000WIF-Ib ** odhiax...@gmail.com R=dnslookup T=remote_smtp_DK H=gmail-smtp-in.l.google.com [74.125.206.27] I=[62.12.117.39] X=TLS1.3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_256_GCM:256 CV=yes DN="CN=mx.google.com": SMTP error from remote mail server after end of data: 550-5.7.1 [62.12.117.39] The IP you're using to send mail is not authorized to\n550-5.7.1 send email directly to our servers. Please use the SMTP relay at your\n550-5.7.1 service provider instead. For more information, go to\n550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError s2-20020adff80200b003367a4f666esi4389351wrp.527 - gsmtp DT=1.571s ``` Of course this results into a bounce for the sender. I am not sure what Gmail wants us to do! And it's only Gmail. Outlook.com accepts mail from this server. The domains I manage are all verified in Postmaster Tools yet the Dashboard has no data . BTW, does someone know how to re-verify a domain? The steps given by Gmail takes one round and round until you give up. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html] ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Gmail now deferring email which meets their published reqs
I know, I'm not alone in this... :( I like to think that it's still feasible to run one's own email. I have for many years, and currently manage about a dozen email domains for family and friends. Most of the time all good. Then today my dad says to me "Why am I getting these bounce messages?" I check, and Gmail are deferring an email he sends every week to a group of friends, 20 all up, 15 of them on Gmail, saying his SPF domain is a source of unsolicited email (421-4.7.28). Outlook and Hotmail accept OK. This domain is old, not compromised, has SPF, DKIM (1024bit), DMARC, all valid. We send using TLS. We have correct PTR. His emails go out fully signed and pass checks. We don't send commercial emails, and that domain name is low volume and all emails individually written and sent through a webmail client, none of it is automated. Are we wasting time even trying any more? You can't even submit a request to them for help, because they ignore it unless you attach valid and current mis-classified headers from within gmail. Umm.. how can I do that when they're not accepting the email? Simon Wilson M: 0400 121 116___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Office 365 spam is getting ridiculous (besmartforgoodlife DOT com)
We're seeing hundreds of entries like these in our logs for their internet domain name: 2023-12-29T07:42:08.028521-08:00 mail01 postfix/policy-spf[118254]: Policy action=PREPEND Received-SPF: none (csw31.besmartforgoodlife.com: No applicable sender policy available) receiver=mail01.inter-corporate.com; identity=mailfrom; envelope-from="alfa4+SRS=X10ap=II=intbl.co.uk=zmciyzxtdk20...@csw31.besmartforgoodlife.com"; helo=DEU01-BE0-obe.outbound.protection.outlook.com; client-ip=52.100.3.205 The SPF records don't exist at all: https://www.openspf.ca/why.perl?id=nobody%40csw31.besmartforgoodlife.com=52.100.3.205=mfrom= The IP address of 52.100.3.205 belongs to Microsoft according to a query to WHOIS.ARIN.NET, and it's blacklisted in multiple DNSBLs, including BACKSCATTER, MAILSPIKE, SOLID, and SORBS-IP: https://www.lumbercartel.ca/tools/rblcheck.pl?q=52.100.3.205 Spamhaus.org has their internet domain name blacklisted, and I support their decision because it's a spam sewer that's trying to send to a wide variety of eMail users on different internet domain names for whom we're providing the hosting eMail: 2023-12-29T07:42:09.772483-08:00 mail01 postfix/smtpd[118253]: NOQUEUE: reject: RCPT from mail-be0deu01hn2205.outbound.protection.outlook.com[52.100.3.205]: 554 5.7.1 Service unavailable; Sender address [alfa4+SRS=X10ap=II=intbl.co.uk=zmciyzxtdk20...@csw31.besmartforgoodlife.com] blocked using dbl.spamhaus.org; https://www.spamhaus.org/query/domain/besmartforgoodlife.com; from= to= proto=ESMTP helo= I suspect it will just be a matter of time before Microsoft finds their whole network blacklisted by multiple DNSBLs. At the present time I have many users who receive legitimate eMail from their users, but so far the major DNSBLs are doing a great job of keeping most of the problem areas at bay. (Sadly, Microsoft's "DEU01-BE0-obe.outbound.protection.outlook.com" system isn't providing "outbound protection" even though their systems' hostname seems to be alluding to this.) > I think we've finally reached the point where more spam comes from > Office 365 customers than legitimate and desirable email. Here's just > ONE spam campaign from Office 365 we pulled logs for today: > https://mxbin.io/piaQqm > > Notice the different subdomains they send from: > > *@csw11.besmartforgoodlife.com > *@csw12.besmartforgoodlife.com > *@csw13.besmartforgoodlife.com > *@csw14.besmartforgoodlife.com > *@csw15.besmartforgoodlife.com > *@csw16.besmartforgoodlife.com > *@csw17.besmartforgoodlife.com > *@csw18.besmartforgoodlife.com > *@csw19.besmartforgoodlife.com > *@csw20.besmartforgoodlife.com > *@csw21.besmartforgoodlife.com > *@csw22.besmartforgoodlife.com > *@csw23.besmartforgoodlife.com > *@csw24.besmartforgoodlife.com > *@csw25.besmartforgoodlife.com > *@csw26.besmartforgoodlife.com > *@csw27.besmartforgoodlife.com > *@csw28.besmartforgoodlife.com > *@csw29.besmartforgoodlife.com > *@csw30.besmartforgoodlife.com > *@csw31.besmartforgoodlife.com > *@csw36.besmartforgoodlife.com > *@csw37.besmartforgoodlife.com > > And that's just one campaign, for just one day. At this point, we've > blacklisted Microsoft IP ranges and we now consider email from them to > more likely be spam than ham. Our blacklist isn't an outright block, but > if Microsoft can't get their act together maybe a block is what we all > need to do collectively. This is worse than the last few years of Gmail > SEO spam. > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Postmaster - postmas...@inter-corporate.com Randolf Richardson, CNA - rand...@inter-corporate.com Inter-Corporate Computer & Network Services, Inc. Vancouver, British Columbia, Canada https://www.inter-corporate.com/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Office 365 spam is getting ridiculous
I think we've finally reached the point where more spam comes from Office 365 customers than legitimate and desirable email. Here's just ONE spam campaign from Office 365 we pulled logs for today: https://mxbin.io/piaQqm Notice the different subdomains they send from: *@csw11.besmartforgoodlife.com *@csw12.besmartforgoodlife.com *@csw13.besmartforgoodlife.com *@csw14.besmartforgoodlife.com *@csw15.besmartforgoodlife.com *@csw16.besmartforgoodlife.com *@csw17.besmartforgoodlife.com *@csw18.besmartforgoodlife.com *@csw19.besmartforgoodlife.com *@csw20.besmartforgoodlife.com *@csw21.besmartforgoodlife.com *@csw22.besmartforgoodlife.com *@csw23.besmartforgoodlife.com *@csw24.besmartforgoodlife.com *@csw25.besmartforgoodlife.com *@csw26.besmartforgoodlife.com *@csw27.besmartforgoodlife.com *@csw28.besmartforgoodlife.com *@csw29.besmartforgoodlife.com *@csw30.besmartforgoodlife.com *@csw31.besmartforgoodlife.com *@csw36.besmartforgoodlife.com *@csw37.besmartforgoodlife.com And that's just one campaign, for just one day. At this point, we've blacklisted Microsoft IP ranges and we now consider email from them to more likely be spam than ham. Our blacklist isn't an outright block, but if Microsoft can't get their act together maybe a block is what we all need to do collectively. This is worse than the last few years of Gmail SEO spam. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop