Re: [mailop] [spamhaus] de-listing requests successful, but only for a couple of days.

[Jarland Donnell via mailop]

I'm gonna be "that guy" though for a minute.

If there are any IPv6 only mail servers, they are hobbyists trying to 
prove a point. There are a ton of IPv4 only mail servers. In short, 
there is no benefit to sending mail over IPv6 beyond the ideological 
preference some people have for feeling like they're ushering in the 
future. A future they've been predicting would arrive any day now for 
well over a decade.


On 2024-03-16 11:44, Bill Cole via mailop wrote:

On 2024-03-14 at 20:26:00 UTC-0400 (Thu, 14 Mar 2024 17:26:00 -0700)
Jay Hennigan via mailop 
is rumored to have said:


On 3/14/24 15:18, Michael Grimm via mailop wrote:

OVH is sharing a /64 subnet among multiple customers since they 
started their public cloud project. You are only provided with a 
single IPv6 address for your instance. In the years before that, I 
had had access to an exclusive /64 subnet.


This is very bad practice on OVH's part. Why are they doing this? Are 
they afraid of running out of IPv6 addresses?


Unlikely.

They are afraid of running out of the scarcity that allows them to make 
money by hoarding addresses and selling the clean ones at a premium.


Proper IPv6 deployment by mass-market hosters and ISPs is an attack on 
their business models. It is, in a sense, anti-capitalist in that it 
eliminates any meaningful address scarcity and so eliminates the 
profitable market for usable addresses.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] mailop and DKIM signatures

[John Levine via mailop]

It appears that Marco Moock via mailop  said:
>> But who will follow 13 years old standard... ;-)
>
>When Google and Co. make DKIM mandatory, this will be hard, because
>those messages are likely to be rejected.

Why do you imagine that Google is unable to read the specs?  I know
people at Google who work on this and they are quite aware of what
the standards say.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] mailop and DKIM signatures

[Marco Moock via mailop]

Am 16.03.2024 um 20:31:33 Uhr schrieb Slavko via mailop:

> Dňa 16. marca 2024 19:19:21 UTC používateľ John Levine via mailop
>  napísal:
> 
> >The DKIM RFC very clearly says that an invalid DKIM signature is
> >equivalent to no signature. I suppose there may be people who wrongly
> >misinterpret an invalid signature as saying something bad about the
> >message, but there's not much we can do about people who don't bother
> >to read the spec.  
> 
> And the same RCF clearly suggests to leave other (even invalid)
> signatures untouched.
> 
> But who will follow 13 years old standard... ;-)

When Google and Co. make DKIM mandatory, this will be hard, because
those messages are likely to be rejected.


-- 
kind regards
Marco

Send spam to 1710617493mu...@cartoonies.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] mailop and DKIM signatures

[Gellner, Oliver via mailop]

> On 16.03.2024 at 17:06 Marco Moock via mailop wrote:
>
> Wouldn't it be better to remove that and add mailop's own DKIM
> signature, that will pass?

Depending on the kind of changes which have been applied to the message you can 
reverse the transformations and verify the original DKIM signatures. A member 
of this list developed a software to do this programmatically.
Even if you‘re not interested in this, the only reason I can think of to strip 
existing (DKIM) headers would be to hide information where a message originated 
from. That’s not something this mailing list aims to do.

—
BR Oliver



dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] mailop and DKIM signatures

[Slavko via mailop]

Dňa 16. marca 2024 19:19:21 UTC používateľ John Levine via mailop 
 napísal:

>The DKIM RFC very clearly says that an invalid DKIM signature is
>equivalent to no signature. I suppose there may be people who wrongly
>misinterpret an invalid signature as saying something bad about the
>message, but there's not much we can do about people who don't bother
>to read the spec.

And the same RCF clearly suggests to leave other (even invalid)
signatures untouched.

But who will follow 13 years old standard... ;-)

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] mailop and DKIM signatures

[John Levine via mailop]

It appears that Marco Moock via mailop  said:
>Hello!
>
>Since enabling DKIM outgoing and verify incoming, I notice the DKIM
>fails (although, I don't reject).
>One of them is this mailing list.
>
>Is there a reason for changing the content of the mail AND keeping the
>original DKIM signature?

The DKIM RFC very clearly says that an invalid DKIM signature is
equivalent to no signature. I suppose there may be people who wrongly
misinterpret an invalid signature as saying something bad about the
message, but there's not much we can do about people who don't bother
to read the spec.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] mailop and DKIM signatures

[Andy Smith via mailop]

Hi,

On Sat, Mar 16, 2024 at 04:56:29PM +0100, Marco Moock via mailop wrote:
> Is there a reason for changing the content of the mail AND keeping the
> original DKIM signature?
> 
> Wouldn't it be better to remove that and add mailop's own DKIM
> signature, that will pass?

Not speaking for the list admins but it seems they are relying on
the Mailman feature of rewriting from when sender's DKIM policy is
reject or quarantine. So if you were to set one of those policies,
your address would not be used and your DKIM would not matter.

I don't know what is better in general or for this list in
particular. Many of the Mailman lists that I run have users that
specifically ask for footer text and subject tag, so for those lists
I rewrite from unconditionally to avoid DKIM problems.

On this list one might argue¹ that we all have MUAs capable of
filtering etc. without subject tag and that we all know where the
mail came from without an explanatory footer because we know to look
at List-* headers. So maybe there is a better argument here for
doing away with all of that in an effort to preserve DKIM
signatures.

Thanks,
Andy

¹ Though still I would be unsurprised to hear dissent on this.

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [spamhaus] de-listing requests successful, but only for a couple of days.

[Bill Cole via mailop]

On 2024-03-14 at 20:26:00 UTC-0400 (Thu, 14 Mar 2024 17:26:00 -0700)
Jay Hennigan via mailop 
is rumored to have said:


On 3/14/24 15:18, Michael Grimm via mailop wrote:

OVH is sharing a /64 subnet among multiple customers since they 
started their public cloud project. You are only provided with a 
single IPv6 address for your instance. In the years before that, I 
had had access to an exclusive /64 subnet.


This is very bad practice on OVH's part. Why are they doing this? Are 
they afraid of running out of IPv6 addresses?


Unlikely.

They are afraid of running out of the scarcity that allows them to make 
money by hoarding addresses and selling the clean ones at a premium.


Proper IPv6 deployment by mass-market hosters and ISPs is an attack on 
their business models. It is, in a sense, anti-capitalist in that it 
eliminates any meaningful address scarcity and so eliminates the 
profitable market for usable addresses.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] mailop and DKIM signatures

[Marco Moock via mailop]

Hello!

Since enabling DKIM outgoing and verify incoming, I notice the DKIM
fails (although, I don't reject).
One of them is this mailing list.

Is there a reason for changing the content of the mail AND keeping the
original DKIM signature?

Wouldn't it be better to remove that and add mailop's own DKIM
signature, that will pass?

-- 
kind regards
Marco

Send spam to 1710604096mu...@cartoonies.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ubuntu Noble/24.04 - TLS 1.0, 1.1 and DTLS 1.0 are forcefully disabled

[Marco Moock via mailop]

Am 14.03.2024 um 11:58:24 Uhr schrieb Slavko via mailop:

> Dňa 14. 3. o 10:21 Andrew C Aitchison via mailop napísal(a):
> 
> > Given that TLS encryption in SMTP is hop-by-hop rather than
> > end-to-end, I am not convinced that this is a significant reduction
> > in security.  
> 
> Of course, SMTP is hop-by-hop by design, but how important is that 
> hop-by-hop nowadays? Open relays are gone, source routing is gone, 
> forwarding is not as simple as it was in past (it must be done
> properly)...

Forwarding (e.g. forwarding as attachment etc.) is still a thing and if
it is about security, I only trust e2e encrypted mails to be not
eavesdropped. Everything else is just a guess and nothing else.

> I mean, that one will delivery message to recipient's MX host
> directly, not over random (unknown) hops, in worse case it will
> delivery it to backup MX (but that haven't be random hop). Thus we
> can assume target MX as final target in public net.

Some use a service as a backup MX. You don't have control over that.
TLS encryption uses additional resources and sometimes it will be
considered to disable it on some server to save resources (I have
already heard such a discussion).

> Of course, in some (most?) cases the target MX host will not be final 
> delivery target and will forward message to some MDA, eventually over 
> multiple MTAs, but i will consider that as internal thing (secured by 
> some way).

Don't assume it is in any way secured. In most cases, it isn't (e.g. by
IPsec etc.).
There can be a forward to another domain that is completely unsecured.

> IMO in most cases it is reasonable to forget about hop-by-hop nature
> in SMTP as argument nowadays. Or i miss something?

No, I don't think so, just some cases are unlikely today.

-- 
kind regards
Marco
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Google unsolicited mail rejected with 421

[Marco Moock via mailop]

Am 16.03.2024 um 13:08:52 Uhr schrieb Benny Pedersen via mailop:

> Marco Moock via mailop skrev den 2024-03-16 12:46:
> > Am 14.03.2024 um 10:28:13 Uhr schrieb Julian Bradfield via mailop:
> >   
> >> Their latest daftness (latest in my noticing it, anyway) is
> >> rate-limiting on the basis of too many recipients for a single
> >> message-id, where "too many" varies from 6 to 30. You'd think
> >> they'd never heard of organization mailing lists.  
> > 
> > That seems to be the case here too.
> > If I reply to somebody a gmail directly (not to the list) it gets
> > through.  
> 
> bingo its why its tempfailed, gmail should redesign how to handle 
> maillists where message-id can come to inbound on gmail, should not 
> count on message-id abuse counts

The current situation is even worse when mailing list subscribers
forward their stuff to gmail. That will result in many, many
"unsolicited" mails because those servers will try it a few times
because of the tempfail.

A rather crappy solution by Google.


-- 
Gruß
Marco

Send spam to 1710590932mu...@cartoonies.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Domain related AT block issue

[Lili Crowley via mailop]

Replied off list

*Lili Crowley*

she/her

Postmaster








On Sat, Mar 16, 2024 at 7:56 AM Udeme via mailop  wrote:

> Hi folks,
>
> Please could someone from AT reach out to me off-list? A couple of
> customers are experiencing issues with a domain being blocked.
>
> We’ve tried the normal, public channels with minimal luck.
>
> Thanks in advance!
>
> Udeme
> Email Deliverability Manager, AWS SES
> ___
> mailop mailing list
> mailop@mailop.org
>
> https://urldefense.com/v3/__https://list.mailop.org/listinfo/mailop__;!!Op6eflyXZCqGR5I!HoQK7XRA70fXwScNNsx5ziLU8CG5_6PkEZyAI12g325n4BDS2upRcE1yUbv0R6Ne4donR9jkYJlza3zx5e4$
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Google unsolicited mail rejected with 421

[Benny Pedersen via mailop]

Marco Moock via mailop skrev den 2024-03-16 12:46:

Am 14.03.2024 um 10:28:13 Uhr schrieb Julian Bradfield via mailop:


Their latest daftness (latest in my noticing it, anyway) is
rate-limiting on the basis of too many recipients for a single
message-id, where "too many" varies from 6 to 30. You'd think they'd
never heard of organization mailing lists.


That seems to be the case here too.
If I reply to somebody a gmail directly (not to the list) it gets
through.


bingo its why its tempfailed, gmail should redesign how to handle 
maillists where message-id can come to inbound on gmail, should not 
count on message-id abuse counts



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Domain related AT block issue

[Udeme via mailop]

Hi folks,

Please could someone from AT reach out to me off-list? A couple of
customers are experiencing issues with a domain being blocked.

We’ve tried the normal, public channels with minimal luck.

Thanks in advance!

Udeme
Email Deliverability Manager, AWS SES
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Google unsolicited mail rejected with 421

[Marco Moock via mailop]

Am 14.03.2024 um 10:28:13 Uhr schrieb Julian Bradfield via mailop:

> Their latest daftness (latest in my noticing it, anyway) is
> rate-limiting on the basis of too many recipients for a single
> message-id, where "too many" varies from 6 to 30. You'd think they'd
> never heard of organization mailing lists.

That seems to be the case here too.
If I reply to somebody a gmail directly (not to the list) it gets
through.

-- 
kind regards
Marco

Send spam to 1710408493mu...@cartoonies.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Google unsolicited mail rejected with 421

[Stuart Henderson via mailop]

On 2024/03/14 10:28, Julian Bradfield via mailop wrote:
> Their latest daftness (latest in my noticing it, anyway) is
> rate-limiting on the basis of too many recipients for a single
> message-id, where "too many" varies from 6 to 30. You'd think they'd
> never heard of organization mailing lists.

Same problem for the openbsd.org mailing lists:

"Gmail has detected this message exceeded its quota for sending messages
with the same Message-ID. To best protect our users, the message has
been temporarily rejected"

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Google unsolicited mail rejected with 421

[Marco Moock via mailop]

Am Thu, 14 Mar 2024 10:04:42 +0100
schrieb Marco Moock via mailop :

> Although, I send only a very small amount of mail to Google. Do they
> use that to calculate the rate?

I got that error again. I participated in some mailing lists with
gmail subscribers.
One of those subscribers has a forward to Google and I got an email
from their MTA that Google temp rejected it there too.

Does every attempt count here for Google's calculation?
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop