Re: [mailop] Gmail now deferring email which meets their published reqs

[Richard Rognlie via mailop]

I'm not seeing deferrals but some of my users are reporting that they're
not seeing emails coming from my play by email service.  I've double
checked the logs and gmail is accepting the messages.  So anything
happening to user mail is under the covers on the gmail side.

Richard

On Sat, Dec 30, 2023 at 12:48:15PM -0800, Randolf Richardson, Postmaster via 
mailop wrote:
>   If that's what the problem is, then that can easily be set with the 
> following Postfix setting without the need for customization scripts:
> 
>   default_destination_recipient_limit = 1
> 
>   Documentation for this setting is available at:  
> https://urldefense.com/v3/__https://www.postfix.org/postconf.5.html*default_destination_recipient___;Iw!!KfGNmQmE!gvIVxaYqjH9_ABFrCwzypLPizUOZhlVehuk9XmLk243yU3ZyW4KTPIc15CCESK0u2XQ_ue4Mtd7T2l87mhBiQJk$
>  
> limit
> 
>   It may also be helpful to adjust the delivery rate, which can also 
> be set in Postfix's "default_destination_rate_delay" setting (which 
> defaults to 0 seconds):
> 
>   
> https://urldefense.com/v3/__https://www.postfix.org/postconf.5.html*default_destination_rate_delay__;Iw!!KfGNmQmE!gvIVxaYqjH9_ABFrCwzypLPizUOZhlVehuk9XmLk243yU3ZyW4KTPIc15CCESK0u2XQ_ue4Mtd7T2l87HZZdTeA$
>  
> 
>   (I don't know, off-hand, if other SMTP daemons have such settings.)
> 
> > I have nearly the exact same setup and usage you do.  I got the same 
> > deferral when sending an email to <20 friends, of which about 15 were on 
> > Gmail. Exactly the same results as you got. 
> > 
> > Fortunately, I found I could schedule one recipient at a time (using 
> > opensmtpd) and each message went through without issue (I even scripted the 
> > last 10 or so and they all went through in <2s). Seems they don´t like 
> > small shops to send to more than one or two Gmail recipients at a time).
> > 
> > I suppose I should send a similar message to my friends, and include my 
> > Gmail account, then see if then I can send the report in.
> > 
> > Sean
> > 
> > Typed with my thumb.
> > 
> > > On Dec 30, 2023, at 05:01, Simon Wilson via mailop  
> > > wrote:
> > > 
> > > Thanks all. I'll answer comments here in one email.
> > > I use a single mail host (mail.simonandkate.net) as MX for a range of 
> > > family domains on a fixed/business IP address through a high quality ISP 
> > > (not a variable IP, not in a dial-up block). I've had the same IP address 
> > > for about 7 years. It has a good reputation, sends < 1k emails per week, 
> > > and I monitor blocklists. Neither the domain nor the IP are on spamhaus 
> > > or other BLs. My parents' domain is howiesue.net, we've owned it for 
> > > about 10 years. Its inbound MX and outbound SMTP host is 
> > > mail.simonandkate.net, which has a valid PTR associated with the IP 
> > > address noted above (again, which has been in place for many years). 
> > > 
> > > howiesue.net has a valid hard-fail/reject SPF policy for the IP mail host 
> > > we use, we DKIM sign all outbound messages with a 1024-bit key, and valid 
> > > DMARC is setup. I have the domain in Google Postmaster Tools, but is too 
> > > low volume to generate any data.
> > > 
> > > I'll have a look at DNSWL.org - thank you Randolf for that suggestion.
> > > 
> > > The error message from Google is specifically:
> > > 
> > > 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail 
> > > originating from your SPF domain [howiesue.net  35]. To protect our 
> > > users from spam, mail sent from your domain has been temporarily rate 
> > > limited. For more information, go to 
> > > https://urldefense.com/v3/__https://support.google.com/mail/?p=UnsolicitedRateLimitError__;!!KfGNmQmE!gvIVxaYqjH9_ABFrCwzypLPizUOZhlVehuk9XmLk243yU3ZyW4KTPIc15CCESK0u2XQ_ue4Mtd7T2l87Q48xjp4$
> > >   to review our Bulk Email Senders Guidelines
> > > 
> > > Google search tells me this is NOT the message they use when the IP 
> > > address is the issue, but that they are having some unknown issue with 
> > > the domain.
> > > 
> > > I've checked my logs, and the domain is not compromised; he's sent a 
> > > total of 10 emails in the last week lol... This one that Gmail have 
> > > decided to block is the first to Gmail this week, but he regularly sends 
> > > to the people on that list. The email contains 15 Gmail recipients, and 
> > > is still deferred 12 hours later. 
> > > 
> > > I've tested and they accept email from me to individuals on his list from 
> > > the same mail host from my personal domain - reinforcing that we don't 
> > > have an IP rep issue.
> > > 
> > > Randolf - I've reviewed the Google support doc on deferred email, and 
> > > there is nothing in there that I need to change - we use TLS (with valid 
> > > certs), have valid PTRs and other DNS records, have SPF (with hard fail / 
> > > reject requested for non-authorised IPs) and DKIM, DMARC, and are not 
> > > sending spam, it's personal email not bulk. There is no reason on that 
> > > page which I can see 

Re: [mailop] Gmail now deferring email which meets their published reqs

[sam via mailop]

Gmail recently changed how they calculate domain reputation within the last two 
months. Domains that didn't encounter issues before are now experiencing 
problems.

I'm not entirely certain about the specific changes on Gmail's end, but I have 
observed these issues across multiple client domains.

From: mailop  on behalf of Randolf Richardson, 
Postmaster via mailop 
Sent: Saturday, December 30, 2023 12:48 PM
To: mailop 
Subject: Re: [mailop] Gmail now deferring email which meets their published reqs

Iron Wolf Technology EmployeeShield
Warning: The sender @mailop@mailop​.org might be a spam sender.
Block as 
Spam
 Not a Spam 
Sender
powered by Graphus®
If that's what the problem is, then that can easily be set with the following 
Postfix setting without the need for customization scripts: 
default_destination_recipient_limit = 1 Documentation for this setting is 
available at: 
https://www.postfix.org/postconf.5.html#default_destination_recipient_ limit It 
may also be helpful to adjust the delivery rate, which can also be set in 
Postfix's "default_destination_rate_delay" setting (which defaults to 0 
seconds): 
https://www.postfix.org/postconf.5.html#default_destination_rate_delay (I don't 
know, off-hand, if other SMTP daemons have such settings.) > I have nearly the 
exact same setup and usage you do. I got the same deferral when sending an 
email to <20 friends, of which about 15 were on Gmail. Exactly the same results 
as you got. > > Fortunately, I found I could schedule one recipient at a time 
(using opensmtpd) and each message went through without issue (I even scripted 
the last 10 or so and they all went through in <2s). Seems they don´t like 
small shops to send to more than one or two Gmail recipients at a time). > > I 
suppose I should send a similar message to my friends, and include my Gmail 
account, then see if then I can send the report in. > > Sean > > Typed with my 
thumb. > > > On Dec 30, 2023, at 05:01, Simon Wilson via mailop 
 wrote: > > > > Thanks all. I'll answer comments here in one 
email. > > I use a single mail host (mail.simonandkate.net) as MX for a range 
of family domains on a fixed/business IP address through a high quality ISP 
(not a variable IP, not in a dial-up block). I've had the same IP address for 
about 7 years. It has a good reputation, sends < 1k emails per week, and I 
monitor blocklists. Neither the domain nor the IP are on spamhaus or other BLs. 
My parents' domain is howiesue.net, we've owned it for about 10 years. Its 
inbound MX and outbound SMTP host is mail.simonandkate.net, which has a valid 
PTR associated with the IP address noted above (again, which has been in place 
for many years). > > > > howiesue.net has a valid hard-fail/reject SPF policy 
for the IP mail host we use, we DKIM sign all outbound messages with a 1024-bit 
key, and valid DMARC is setup. I have the domain in Google Postmaster Tools, 
but is too low volume to generate any data. > > > > I'll have a look at 
DNSWL.org - thank you Randolf for that suggestion. > > > > The error message 
from Google is specifically: > > > > 421-4.7.28 Gmail has detected an unusual 
rate of unsolicited mail originating from your SPF domain [howiesue.net 35]. To 
protect our users from spam, mail sent from your domain has been temporarily 
rate limited. For more information, go to 
https://support.google.com/mail/?p=UnsolicitedRateLimitError to review our Bulk 
Email Senders Guidelines > > > > Google search tells me this is NOT the message 
they use when the IP address is the issue, but that they are having some 
unknown issue with the domain. > > > > I've checked my logs, and the domain is 
not compromised; he's sent a total of 10 emails in the last week lol... This 
one that Gmail have decided to block is the first to Gmail this week, but he 
regularly sends to the people on that list. The email contains 15 Gmail 
recipients, and is still deferred 12 hours later. > > > > I've tested and they 
accept email from me to individuals on his list from the same mail host from my 
personal domain - reinforcing that we don't have an IP rep issue. > > > > 
Randolf - I've reviewed the Google support doc on deferred email, and there is 
nothing in there that I need to change - we use TLS (with valid certs), have 
valid PTRs and other DNS records, have SPF (with hard fail / reject requested 
for non-authorised IPs) and DKIM, DMARC, and are not sending spam, it's 

Re: [mailop] Gmail now deferring email which meets their published reqs

[Simon Wilson via mailop]

I've added a gmail.com-specific transport, with a recipient_limit set to 2 (so 
it does not become per-recipient instead of per-domain), a concurrency limit of 
1 and a 10s rate delay. For the amount of email we send this should not be 
problematic. I'll see if we can then build up a better rep for his domain.

Some good comments here from everyone - thanks all.

Simon



On Sunday, December 31, 2023 07:30 AEST, Michael Orlitzky via mailop 
 wrote:
 On Sat, 2023-12-30 at 12:48 -0800, Randolf Richardson, Postmaster via
mailop wrote:
> If that's what the problem is, then that can easily be set with the
> following Postfix setting without the need for customization scripts:
>
> default_destination_recipient_limit = 1
>
> It may also be helpful to adjust the delivery rate, which can also
> be set in Postfix's "default_destination_rate_delay" setting


This will work, but you probably don't want to make your entire MTA
inefficient just to appease Google. Those two parameters have per-
transport counterparts,

* _destination_concurrency_limit
* _destination_rate_delay

where  is the name of your transport. So, for example, you
could create a transport called "slow", and then set

* slow_destination_concurrency_limit = 1
* slow_destination_rate_delay = 2s

after which all you have to do is configure postfix to send to gmail
via the "slow" transport instead of the default one. Now gmail is slow,
but nobody else suffers.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
-- 
Simon Wilson
M: 0400 121 116
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Gmail now deferring email which meets their published reqs

[Michael Orlitzky via mailop]

On Sat, 2023-12-30 at 12:48 -0800, Randolf Richardson, Postmaster via
mailop wrote:
>   If that's what the problem is, then that can easily be set with the 
> following Postfix setting without the need for customization scripts:
> 
>   default_destination_recipient_limit = 1
> 
>   It may also be helpful to adjust the delivery rate, which can also 
> be set in Postfix's "default_destination_rate_delay" setting 


This will work, but you probably don't want to make your entire MTA
inefficient just to appease Google. Those two parameters have per-
transport counterparts,

  * _destination_concurrency_limit
  * _destination_rate_delay

where  is the name of your transport. So, for example, you
could create a transport called "slow", and then set

  * slow_destination_concurrency_limit = 1
  * slow_destination_rate_delay = 2s

after which all you have to do is configure postfix to send to gmail
via the "slow" transport instead of the default one. Now gmail is slow,
but nobody else suffers.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Gmail now deferring email which meets their published reqs

[Randolf Richardson, Postmaster via mailop]

If that's what the problem is, then that can easily be set with the 
following Postfix setting without the need for customization scripts:

default_destination_recipient_limit = 1

Documentation for this setting is available at:  
https://www.postfix.org/postconf.5.html#default_destination_recipient_
limit

It may also be helpful to adjust the delivery rate, which can also 
be set in Postfix's "default_destination_rate_delay" setting (which 
defaults to 0 seconds):


https://www.postfix.org/postconf.5.html#default_destination_rate_delay

(I don't know, off-hand, if other SMTP daemons have such settings.)

> I have nearly the exact same setup and usage you do.  I got the same deferral 
> when sending an email to <20 friends, of which about 15 were on Gmail. 
> Exactly the same results as you got. 
> 
> Fortunately, I found I could schedule one recipient at a time (using 
> opensmtpd) and each message went through without issue (I even scripted the 
> last 10 or so and they all went through in <2s). Seems they don´t like small 
> shops to send to more than one or two Gmail recipients at a time).
> 
> I suppose I should send a similar message to my friends, and include my Gmail 
> account, then see if then I can send the report in.
> 
> Sean
> 
> Typed with my thumb.
> 
> > On Dec 30, 2023, at 05:01, Simon Wilson via mailop  
> > wrote:
> > 
> > Thanks all. I'll answer comments here in one email.
> > I use a single mail host (mail.simonandkate.net) as MX for a range of 
> > family domains on a fixed/business IP address through a high quality ISP 
> > (not a variable IP, not in a dial-up block). I've had the same IP address 
> > for about 7 years. It has a good reputation, sends < 1k emails per week, 
> > and I monitor blocklists. Neither the domain nor the IP are on spamhaus or 
> > other BLs. My parents' domain is howiesue.net, we've owned it for about 10 
> > years. Its inbound MX and outbound SMTP host is mail.simonandkate.net, 
> > which has a valid PTR associated with the IP address noted above (again, 
> > which has been in place for many years). 
> > 
> > howiesue.net has a valid hard-fail/reject SPF policy for the IP mail host 
> > we use, we DKIM sign all outbound messages with a 1024-bit key, and valid 
> > DMARC is setup. I have the domain in Google Postmaster Tools, but is too 
> > low volume to generate any data.
> > 
> > I'll have a look at DNSWL.org - thank you Randolf for that suggestion.
> > 
> > The error message from Google is specifically:
> > 
> > 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail 
> > originating from your SPF domain [howiesue.net  35]. To protect our 
> > users from spam, mail sent from your domain has been temporarily rate 
> > limited. For more information, go to 
> > https://support.google.com/mail/?p=UnsolicitedRateLimitError to review our 
> > Bulk Email Senders Guidelines
> > 
> > Google search tells me this is NOT the message they use when the IP address 
> > is the issue, but that they are having some unknown issue with the domain.
> > 
> > I've checked my logs, and the domain is not compromised; he's sent a total 
> > of 10 emails in the last week lol... This one that Gmail have decided to 
> > block is the first to Gmail this week, but he regularly sends to the people 
> > on that list. The email contains 15 Gmail recipients, and is still deferred 
> > 12 hours later. 
> > 
> > I've tested and they accept email from me to individuals on his list from 
> > the same mail host from my personal domain - reinforcing that we don't have 
> > an IP rep issue.
> > 
> > Randolf - I've reviewed the Google support doc on deferred email, and there 
> > is nothing in there that I need to change - we use TLS (with valid certs), 
> > have valid PTRs and other DNS records, have SPF (with hard fail / reject 
> > requested for non-authorised IPs) and DKIM, DMARC, and are not sending 
> > spam, it's personal email not bulk. There is no reason on that page which I 
> > can see which gives them reason to defer us.
> > 
> > When I follow their troubleshooter, it drops me to the contact form Randolf 
> > mentions, but I cannot achieve any progress because you *have* to include 
> > "To help us investigate a message that was rejected or blocked, please 
> > provide the full headers from a recent message (less than 12 days old)". 
> > That header has to be from the RECEIVED end, i.e. Gmail - which I cannot do 
> > because to do that I'd have to actually be able to get an email through 
> > from the domain. I tried sending log details of the deferral with info on 
> > our compliant setup, and the "ticket" is auto-closed because it doesn't 
> > include the headers they "need".
> > 
> > I think I'm just going to need to tell him to set up a different way to 
> > contact his friends instead of this list... 
> > 
> > If I've missed something, I'd love to hear it.
> > 
> > Simon
> > 
> > 
> >> On Saturday, 

Re: [mailop] Gmail now deferring email which meets their published reqs

[Sean Kamath via mailop]

I have nearly the exact same setup and usage you do.  I got the same deferral 
when sending an email to <20 friends, of which about 15 were on Gmail. Exactly 
the same results as you got. 

Fortunately, I found I could schedule one recipient at a time (using opensmtpd) 
and each message went through without issue (I even scripted the last 10 or so 
and they all went through in <2s). Seems they don’t like small shops to send to 
more than one or two Gmail recipients at a time).

I suppose I should send a similar message to my friends, and include my Gmail 
account, then see if then I can send the report in.

Sean

Typed with my thumb.

> On Dec 30, 2023, at 05:01, Simon Wilson via mailop  wrote:
> 
> Thanks all. I'll answer comments here in one email.
> I use a single mail host (mail.simonandkate.net) as MX for a range of family 
> domains on a fixed/business IP address through a high quality ISP (not a 
> variable IP, not in a dial-up block). I've had the same IP address for about 
> 7 years. It has a good reputation, sends < 1k emails per week, and I monitor 
> blocklists. Neither the domain nor the IP are on spamhaus or other BLs. My 
> parents' domain is howiesue.net, we've owned it for about 10 years. Its 
> inbound MX and outbound SMTP host is mail.simonandkate.net, which has a valid 
> PTR associated with the IP address noted above (again, which has been in 
> place for many years). 
> 
> howiesue.net has a valid hard-fail/reject SPF policy for the IP mail host we 
> use, we DKIM sign all outbound messages with a 1024-bit key, and valid DMARC 
> is setup. I have the domain in Google Postmaster Tools, but is too low volume 
> to generate any data.
> 
> I'll have a look at DNSWL.org - thank you Randolf for that suggestion.
> 
> The error message from Google is specifically:
> 
> 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail originating 
> from your SPF domain [howiesue.net  35]. To protect our users from spam, 
> mail sent from your domain has been temporarily rate limited. For more 
> information, go to 
> https://support.google.com/mail/?p=UnsolicitedRateLimitError to review our 
> Bulk Email Senders Guidelines
> 
> Google search tells me this is NOT the message they use when the IP address 
> is the issue, but that they are having some unknown issue with the domain.
> 
> I've checked my logs, and the domain is not compromised; he's sent a total of 
> 10 emails in the last week lol... This one that Gmail have decided to block 
> is the first to Gmail this week, but he regularly sends to the people on that 
> list. The email contains 15 Gmail recipients, and is still deferred 12 hours 
> later. 
> 
> I've tested and they accept email from me to individuals on his list from the 
> same mail host from my personal domain - reinforcing that we don't have an IP 
> rep issue.
> 
> Randolf - I've reviewed the Google support doc on deferred email, and there 
> is nothing in there that I need to change - we use TLS (with valid certs), 
> have valid PTRs and other DNS records, have SPF (with hard fail / reject 
> requested for non-authorised IPs) and DKIM, DMARC, and are not sending spam, 
> it's personal email not bulk. There is no reason on that page which I can see 
> which gives them reason to defer us.
> 
> When I follow their troubleshooter, it drops me to the contact form Randolf 
> mentions, but I cannot achieve any progress because you *have* to include "To 
> help us investigate a message that was rejected or blocked, please provide 
> the full headers from a recent message (less than 12 days old)". That header 
> has to be from the RECEIVED end, i.e. Gmail - which I cannot do because to do 
> that I'd have to actually be able to get an email through from the domain. I 
> tried sending log details of the deferral with info on our compliant setup, 
> and the "ticket" is auto-closed because it doesn't include the headers they 
> "need".
> 
> I think I'm just going to need to tell him to set up a different way to 
> contact his friends instead of this list... 
> 
> If I've missed something, I'd love to hear it.
> 
> Simon
> 
> 
>> On Saturday, December 30, 2023 20:28 AEST, Eduardo Díaz Comellas via mailop 
>>  wrote:
>>  
>>  
> I've seen problems like this because of ISP listing large net locks as 
> "dialup" and not supposed to send email directly.
> 
> Check spamhaus' PBL:
> 
> https://www.spamhaus.org/pbl/
> 
> Best regards
>  
> El 30 de diciembre de 2023 7:40:59 CET, Simon Wilson via mailop 
>  escribió:
>> I know, I'm not alone in this... :(
>>  
>> I like to think that it's still feasible to run one's own email. I have for 
>> many years, and currently manage about a dozen email domains for family and 
>> friends. Most of the time all good. 
>>  
>> Then today my dad says to me "Why am I getting these bounce messages?" 
>>  
>> I check, and Gmail are deferring an email he sends every week to a group of 
>> friends, 20 all up, 15 of them on Gmail, saying his SPF domain is 

Re: [mailop] Malformed To: header

[Randolf Richardson, Postmaster via mailop]

> > > recently i see messages from this ML rejected by my MTA, due
> > > malformed To: header (from postmas...@inter-corporate.com):
> > >
> > >To: mailop@mailop.org 
> 
> Unrelated to the question of whether or not @ merits escaping or quoting...
> 
> I personally wouldn't put an email address in the "friendly to" (the
> bit between the To: and <). You will find some providers and spam
> filters will consider that a sign of badness. I ran into this
> personally back on November 30th, though apparently I didn't save the
> NDR so I can't tell you which filter it was. I ended up modifying my
> own mailing list manager to strip email addresses out of the
> "friendly" bit of email headers.

Thanks Al (I think I remember you from NANAE many years ago).

I don't intentionally add @ symbols in the "friendly to" field, but 
this time it happened by mistake.  I agree with your assessment.

> Cheers,
> Al Iverson

Happy New Year.

> --
> 
> Al Iverson / Deliverability: https://www.spamresource.com
> Tools: https://www.wombatmail.com / (312) 725-0130 (Chicago)
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop


-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Malformed To: header

[Al Iverson via mailop]

> > recently i see messages from this ML rejected by my MTA, due
> > malformed To: header (from postmas...@inter-corporate.com):
> >
> >To: mailop@mailop.org 

Unrelated to the question of whether or not @ merits escaping or quoting...

I personally wouldn't put an email address in the "friendly to" (the
bit between the To: and <). You will find some providers and spam
filters will consider that a sign of badness. I ran into this
personally back on November 30th, though apparently I didn't save the
NDR so I can't tell you which filter it was. I ended up modifying my
own mailing list manager to strip email addresses out of the
"friendly" bit of email headers.

Cheers,
Al Iverson


--

Al Iverson / Deliverability: https://www.spamresource.com
Tools: https://www.wombatmail.com / (312) 725-0130 (Chicago)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Gmail now deferring email which meets their published reqs

[Simon Wilson via mailop]

Thanks all. I'll answer comments here in one email.
I use a single mail host (mail.simonandkate.net) as MX for a range of family 
domains on a fixed/business IP address through a high quality ISP (not a 
variable IP, not in a dial-up block). I've had the same IP address for about 7 
years. It has a good reputation, sends < 1k emails per week, and I monitor 
blocklists. Neither the domain nor the IP are on spamhaus or other BLs. My 
parents' domain is howiesue.net, we've owned it for about 10 years. Its inbound 
MX and outbound SMTP host is mail.simonandkate.net, which has a valid PTR 
associated with the IP address noted above (again, which has been in place for 
many years). 

howiesue.net has a valid hard-fail/reject SPF policy for the IP mail host we 
use, we DKIM sign all outbound messages with a 1024-bit key, and valid DMARC is 
setup. I have the domain in Google Postmaster Tools, but is too low volume to 
generate any data.

I'll have a look at DNSWL.org - thank you Randolf for that suggestion.

The error message from Google is specifically:

421-4.7.28 Gmail has detected an unusual rate of unsolicited mail originating 
from your SPF domain [howiesue.net      35]. To protect our users from spam, 
mail sent from your domain has been temporarily rate limited. For more 
information, go to https://support.google.com/mail/?p=UnsolicitedRateLimitError 
to review our Bulk Email Senders Guidelines

Google search tells me this is NOT the message they use when the IP address is 
the issue, but that they are having some unknown issue with the domain.

I've checked my logs, and the domain is not compromised; he's sent a total of 
10 emails in the last week lol... This one that Gmail have decided to block is 
the first to Gmail this week, but he regularly sends to the people on that 
list. The email contains 15 Gmail recipients, and is still deferred 12 hours 
later. 

I've tested and they accept email from me to individuals on his list from the 
same mail host from my personal domain - reinforcing that we don't have an IP 
rep issue.

Randolf - I've reviewed the Google support doc on deferred email, and there is 
nothing in there that I need to change - we use TLS (with valid certs), have 
valid PTRs and other DNS records, have SPF (with hard fail / reject requested 
for non-authorised IPs) and DKIM, DMARC, and are not sending spam, it's 
personal email not bulk. There is no reason on that page which I can see which 
gives them reason to defer us.

When I follow their troubleshooter, it drops me to the contact form Randolf 
mentions, but I cannot achieve any progress because you *have* to include "To 
help us investigate a message that was rejected or blocked, please provide the 
full headers from a recent message (less than 12 days old)". That header has to 
be from the RECEIVED end, i.e. Gmail - which I cannot do because to do that I'd 
have to actually be able to get an email through from the domain. I tried 
sending log details of the deferral with info on our compliant setup, and the 
"ticket" is auto-closed because it doesn't include the headers they "need".

I think I'm just going to need to tell him to set up a different way to contact 
his friends instead of this list... 

If I've missed something, I'd love to hear it.

Simon


On Saturday, December 30, 2023 20:28 AEST, Eduardo Díaz Comellas via mailop 
 wrote:
  I've seen problems like this because of ISP listing large net locks as 
"dialup" and not supposed to send email directly.

Check spamhaus' PBL:

https://www.spamhaus.org/pbl/

Best regards El 30 de diciembre de 2023 7:40:59 CET, Simon Wilson via mailop 
 escribió:I know, I'm not alone in this... :( I like to 
think that it's still feasible to run one's own email. I have for many years, 
and currently manage about a dozen email domains for family and friends. Most 
of the time all good.  Then today my dad says to me "Why am I getting these 
bounce messages?"  I check, and Gmail are deferring an email he sends every 
week to a group of friends, 20 all up, 15 of them on Gmail, saying his SPF 
domain is a source of unsolicited email (421-4.7.28). Outlook and Hotmail 
accept OK.  This domain is old, not compromised, has SPF, DKIM (1024bit), 
DMARC, all valid. We send using TLS. We have correct PTR. His emails go out 
fully signed and pass checks. We don't send commercial emails, and that domain 
name is low volume and all emails individually written and sent through a 
webmail client, none of it is automated.  Are we wasting time even trying any 
more?  You can't even submit a request to them for help, because they ignore it 
unless you attach valid and current mis-classified headers from within gmail. 
Umm.. how can I do that when they're not accepting the email?  Simon WilsonM: 
0400 121 116
-- 
Simon Wilson
M: 0400 121 116
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Gmail now deferring email which meets their published reqs

[Eduardo Díaz Comellas via mailop]

I've seen problems like this because of ISP listing large net locks as "dialup" 
and not supposed to send email directly. 

Check spamhaus' PBL:

https://www.spamhaus.org/pbl/

Best regards

El 30 de diciembre de 2023 7:40:59 CET, Simon Wilson via mailop 
 escribió:
>I know, I'm not alone in this... :(
>
>I like to think that it's still feasible to run one's own email. I have for 
>many years, and currently manage about a dozen email domains for family and 
>friends. Most of the time all good. 
>
>Then today my dad says to me "Why am I getting these bounce messages?" 
>
>I check, and Gmail are deferring an email he sends every week to a group of 
>friends, 20 all up, 15 of them on Gmail, saying his SPF domain is a source of 
>unsolicited email (421-4.7.28). Outlook and Hotmail accept OK. 
>
>This domain is old, not compromised, has SPF, DKIM (1024bit), DMARC, all 
>valid. We send using TLS. We have correct PTR. His emails go out fully signed 
>and pass checks. We don't send commercial emails, and that domain name is low 
>volume and all emails individually written and sent through a webmail client, 
>none of it is automated. 
>
>Are we wasting time even trying any more? 
>
>You can't even submit a request to them for help, because they ignore it 
>unless you attach valid and current mis-classified headers from within gmail. 
>Umm.. how can I do that when they're not accepting the email? 
>
>Simon Wilson
>M: 0400 121 116___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Malformed To: header

[Andrew C Aitchison via mailop]

On Sat, 30 Dec 2023, Slavko via mailop wrote:


Hi,

recently i see messages from this ML rejected by my MTA, due
malformed To: header (from postmas...@inter-corporate.com):

   To: mailop@mailop.org 

AFAIK, the display name have to be quoted (@ char in it), thus
my MTA is right, but...

Please, am i too strict with this syntax check or this ML is too
lax in that (or both)?


I've been seeing similar errors in my exim logs.
Thanks to Slavko for pointing it out and Randolf for fixing it.

Funny thing was that logwatch objected to the unusual
whitespacing that exim put into the log,
so it was particularly visible.

--
Andrew C. Aitchison  Kendal, UK
   and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Malformed To: header

[Randolf Richardson, Postmaster via mailop]

Indeed, you are correct -- according to section 3.2.3 in RFC 5322, 
the at ("@") symbol counts as a "special" character that's 
categorized seprarately from "atext," and an example in Appendix A 
demonstrates quoting when a special character is present:

RFC 5322 :: Internet Message Format
https://datatracker.ietf.org/doc/html/rfc5322#section-3.2.3

Thanks for pointing out my PEBCAK* error -- I somehow got the eMail 
address included in the atext Atom of the "From:" field. :D

Sorry about that.

* PEBCAK:  Problem Exists Between Chair And Keyboard

> Hi,
> 
> recently i see messages from this ML rejected by my MTA, due
> malformed To: header (from postmas...@inter-corporate.com):
> 
> To: mailop@mailop.org 
> 
> AFAIK, the display name have to be quoted (@ char in it), thus
> my MTA is right, but...
> 
> Please, am i too strict with this syntax check or this ML is too
> lax in that (or both)?
> 
> regards
> 
> -- 
> Slavko
> https://www.slavino.sk/
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop


-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Malformed To: header

[Slavko via mailop]

Hi,

recently i see messages from this ML rejected by my MTA, due
malformed To: header (from postmas...@inter-corporate.com):

To: mailop@mailop.org 

AFAIK, the display name have to be quoted (@ char in it), thus
my MTA is right, but...

Please, am i too strict with this syntax check or this ML is too
lax in that (or both)?

regards

-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Solution to SMTP Smuggling -- postfix smtpd update for Debian (Linux) v12/bookworm

[Randolf Richardson, Postmaster via mailop]

If you're using Postfix on Debian Linux, this will likely be of 
interest to you...

The updated Postfix v3.7.9 that can prevent the SMTP Smuggling 
problem by introducing the "smtpd_forbid_bare_newline" configuration 
setting is now available on Debian (Linux) v12.4.  I just upgraded my 
production servers after testing, and it's working reliably.

(Apparently there are also options for earlier versions of Debian 
and Postfix, which are detailed in the document linked hereunder...)

*** IMPORTANT *** Additional configuration may be needed, depending 
on a few factors:

1. If your installation of Postfix's smtpd_forbid_bare_newline 
setting is not enabled, then you'll need to update your 
/etc/postfix/main.cf file accordingly.  You can check the current 
setting with the following comand:

postconf | grep smtpd_forbid_bare_newline

This setting is explained on the Postfix web site:

Postfix :: SMTP Smuggling :: Long-term fix
https://www.postfix.org/smtp-smuggling.html#long

2. If you implemented the short-term workarounds, you may want 
to 
reverse those changes (also in the /etc/postfix/main.cf file).  You 
can read more about the short-term workarounds, here:

Postfix :: SMTP Smuggling :: Short-term workarounds
https://www.postfix.org/smtp-smuggling.html#short

If you're not using a version of Postfix that supports the new 
"smtpd_forbid_bare_newline" configuration setting, then those 
short-term workarounds will have to suffice until you can get the 
updated version of Postfix installed on your systems.

*** A special note of apprecaition goes to the Debian developers, 
and the entire team of people who work on Debian and contribute to 
the project, for working on this over the holiday season -- your 
efforts are important and tremendously helpful.  Thank you. ***

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Gmail now deferring email which meets their published reqs

[Randolf Richardson, Postmaster via mailop]

It's definitely worth it to run your own eMail system (in my 
opinion).  I think people should be able to do this if they want to, 
although one of the challenges that sometimes arises is which IP 
netblocks their eMail servers are in.

If your server is operated at home, you may be in a dial-up 
netblock, which many providers will block outright or count in 
weighting as being potentially problematic.  In such cases your 
internet provider may be able to provide you with a different IP 
address that's in a non-dial-up netblock, or, assuming this is the 
problem, you may need to consider other options (e.g., routing 
through a different IP via an encrypted tunnel/private-VPN, or using 
delegating to another host to act as a relay {we used to provide this 
for a few of our clients, until they decided to switch over to us}).

One thing that might be helpful to you is getting yourself listed in 
the DNSWL:

DNS whitelist (DNSWL)
https://www.dnswl.org/

If you haven't already, you may want to consider getting your IP 
address(es) registered through their self-managment interface.  (I 
don't know if this will solve your problem with Google's systems, but 
hopefully it will at least prevent future issues with other systems.)

Google also has a document that might be helpful (I don't know 
whether you've seen this one yet):

Google Support :: How to find out why email sender is deferred

https://support.google.com/mail/thread/15238559/how-to-find-out-why-email-sender-is-deferred?hl=en

One of the last links on that page includes "bulk_send_new" which 
leads to the following form that promises to help by escalating the 
problem you described:

Sender Contact Form :: Bulk Sender Escalation

https://support.google.com/mail/contact/gmail_bulk_sender_escalation

The second part of that form provides one HTML textarea to submit a 
summary of the problem, and another for a detailed explanation.

I hope this will be at least somewhat helpful to you in getting your 
eMail issue sorted.

> I know, I'm not alone in this... :(
> 
> I like to think that it's still feasible to run one's own email. I have for 
> many years, and currently manage about a dozen email domains for family and 
> friends. Most of the time all good. 
> 
> Then today my dad says to me "Why am I getting these bounce messages?" 
> 
> I check, and Gmail are deferring an email he sends every week to a group of 
> friends, 20 all up, 15 of them on Gmail, saying his SPF domain is a source of 
> unsolicited email (421-4.7.28). Outlook and Hotmail accept OK. 
> 
> This domain is old, not compromised, has SPF, DKIM (1024bit), DMARC, all 
> valid. We send using TLS. We have correct PTR. His emails go out fully signed 
> and pass checks. We don't send commercial emails, and that domain name is low 
> volume and all emails individually written and sent through a webmail client, 
> none of it is automated. 
> 
> Are we wasting time even trying any more? 
> 
> You can't even submit a request to them for help, because they ignore it 
> unless you attach valid and current mis-classified headers from within gmail. 
> Umm.. how can I do that when they're not accepting the email? 
> 
> Simon Wilson
> M: 0400 121 116


-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop