Re: [mailop] too many bad IP blocked
On Fri, 2024-06-21 at 01:01 +, Ferris, Rhys (SCC) via mailop wrote: > > > > I guess my mentality is a large IPTables is still less of a load > than letting them establish a connection and attempt to > authenticate, but I'm certainly open to better ideas. Somewhat OT, but if you can switch to nftables, loading a very large set (100K+ entries) takes like a second and it's O(1) to test against. You can also use ipset with iptables to similar effect, although loading the set takes quite a while at first. You can modify things like fail2ban or ossec to update the sets instead of creating new rules, too. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] problem setting up open-dmarc
On Tue, 2024-02-06 at 17:46 -0500, John Covici via mailop wrote: > Hi. I am trying to make sure my mail server is properly > authenticated, and I have spf and dkim set up -- seemingly > correctly > -- but I am not sure about dmarc. I have downloaded and installed > the > open-dmarc package and I have the text record I will have to put in > the zone, but I don't know what to put in > /etc/openmarc/opendmarc.conf -- its quite a large file and I am not > sure what I really need in it. You don't need to do anything with opendmarc to send authenticated mail. It's used to check incoming email from other people. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Dkim fails, success on same email?
On Fri, 2023-06-16 at 18:05 +, Salvatore Jr Walter P via mailop wrote: > > > Getting reports back from several ISPs like the one below. > It shows dkim failing for the IP, but successful for the domain? > The domain “mail-dkim-us-west-2.prod.hydra.sophos.com” uses > multiple IPs, > One of which is “198.154.181.72”. We do receive failures on all > other IPs as well. > Is this an actual issue or something we can ignore? > > > > 198.154.181.72 > 1 > > none > fail > pass > > > > warwickri.gov > > > > mail-dkim-us-west-2.prod.hydra.sophos.com > v1 > pass > > > warwickri.gov > pass > > > It appears you're DKIM-signing it, but not with an identifier aligned with your From: domain. So DKIM passes but not in a way that satisfies DMARC. It passed DMARC only because it passes SPF. You should add a DKIM signature from a domain aligned with your From: domain. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] How to delegate DMARC reporting to third-party providers for inbound mails
On Tue, 2022-11-29 at 09:15 -0500, Muyeed Ali via mailop wrote: > -- Got it. Wanted to avoid a self-managed service. But if any > third-party solution does not work, will try to integrate rspamd > with Postfix and keep in mind the loop-y behavior. opendmarc is an easy integration and just needs a MySQL database and a cron job to send reports off its own logs. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] The oligopoly has won.
On Tue, 2022-09-13 at 09:30 +0100, Laura Atkins via mailop wrote: > > > > That’s not what I’m seeing at all. What I’m seeing is complaints > that it’s difficult to host your own email without any real > commitment of resources (whether those resources be time or money). > A lot of the complaints I’m seeing are from folks who don’t want to > really pay for hosting at a reputable provider that takes action > against abuse. Who is this VPS provider that acts immediately on abuse and therefore is never bulk-blocked at the majors? Is there one? More than one? Define "really pay". I do know what I'm doing, but I find I have to smarthost my mail out through a relay to get it reliably delivered. The subset of VPS providers that do IPV6, reverse DNS, are reliably up, and allow any Linux variant are small enough as it is. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft Office365 blocking non Oauth2 authentication on IMAP and SMTP.
On Fri, 2022-08-19 at 10:19 -0500, Mike Hammett via mailop wrote: > > I wonder: How do other Microsoft Office365 customers mitigate this > situation? If O365 no longer meets their needs, I guess maybe they'll have to use something different. Or change their needs. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Best practice for mailing list servers
On Tue, 2022-06-14 at 19:07 +0200, Slavko via mailop wrote: > Ahoj, > > Dňa Tue, 14 Jun 2022 16:51:55 + Ken O'Driscoll via mailop > napísal: > > > I wouldn't suggest that you implement DMARC on your list domain > > as it > > won't help with deliverability and will just cause more issues. > > It's > > not really designed for mailing lists. > > Please, what issues will cause DMARC with policy None? Would not be > better to suggest this instead of no DMARC? You need to replace the From: address with your own address if you're going to use any DMARC (or if the original sender uses DMARC). ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] What the f**k, Google?
On Wed, 2022-03-02 at 17:28 +, Simon Arlott via mailop wrote: > On 2 March 2022 17:12:14 GMT, Edgaras | SENDER via mailop > wrote: > > > There's literally nothing you can do as a sender to prevent your > > reputation from being trashed. > > No, that's quite clearly not literally true. Stop DKIM signing the > spam email and the problem goes away. > This. If you're sending mail on behalf of a stranger, perhaps you should only sign it with their domain. It does seem like Google could notice "old" date headers and BCCs and the fact the mail is coming from a dedicated spam factory and maybe treat it a little differently, though. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] MX advice for small operator
On Thu, 2021-12-16 at 13:29 -0500, John Levine via mailop wrote: > It appears that Sam Mulvey via mailop said: > > I'm looking for advice for a reputable organization that can > > serve as a > > net-facing MX for my very small mail server. Feel free to email > > me > > off-list with contacts or advice. > > smtp.com seems OK and their low volume plan is $25/mo > > I hate to suggest it here, but sendgrid's free plan lets you send > 100 messages/day. > or $15/mo for more than you will ever send. Neither preserve the envelope sender or, therefore, return bounces to the sender, which I found a pain for a smarthost. DuoCircle and Dynu's relay services both do. fwiw. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Air Canada sending from Adobe space failing to send to server with Let's Encrypt SSL certificate
This may be from Marketo or something? Whois shows Adobe with an ab...@marketo.com contact address. Oct 25 10:10:50 hyperion postfix/smtpd[1588023]: connect from r117.mail.aircanada.com[172.82.216.117] Oct 25 10:10:51 hyperion postfix/smtpd[1588023]: SSL_accept error from r117.mail.aircanada.com[172.82.216.117]: -1 Oct 25 10:10:51 hyperion postfix/smtpd[1588023]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1543:SSL alert number 45: Oct 25 10:10:51 hyperion postfix/smtpd[1588023]: lost connection after STARTTLS from r117.mail.aircanada.com[172.82.216.117] Oct 25 10:10:51 hyperion postfix/smtpd[1588023]: disconnect from r117.mail.aircanada.com[172.82.216.117] ehlo=1 starttls=0/1 commands=1/2 --- This is almost certainly caused by the expiration of the DST Root CA X3 certificate: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ If anyone has a contact at this sender please suggest that they install a trust certificate for Let's Encrypt's current root certificate (and maybe any other security updates that they've missed since 2017). Thanks. signature.asc Description: This is a digitally signed message part ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] So how do you actually manage to send mails to outlook/hotmail?
On Mon, 2021-07-12 at 00:11 +0200, Marcus Hoffmann via mailop wrote: > > Someone suggested routing emails to MS and google domains through Amazon > SES. Would that actually make things better? I'd suggest a more end-user friendly relay, like Duocircle or Dynu's relay service, who don't mess with your envelope sender address, but yes it would help. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Technical Contact to paddle.com mail platform operator?
On Mon, 2021-07-05 at 19:42 +0200, Konstantin Filtschew / Qameta via mailop wrote: > They are not using postmark. > > Received mails from paddle from this addresses: > > 2021-06-29 mta214a-ord.mtasv.net [104.245.209.214] > 2021-06-29 mta216a-ord.mtasv.net [104.245.209.216] > 2020-11-25 mta200a-ord.mtasv.net [104.245.209.200] > > Hope it'll help mtasv.net is Postmark. The recipient was probably suppressed at Postmark due to a previous rejection. The sender would have to manually remove the suppression. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Malware waves from hotmail.com
On Fri, 2021-06-04 at 18:08 -0500, Scott Mutter via mailop wrote: > On Fri, Jun 4, 2021 at 1:24 PM Michael Peddemors via mailop > wrote: > > With apache, you can use modsecurity quite easily, and you can block all > > azure (and other cloud providers ranges) from certain services like > > wordpress, or contact forms etc.. (you can even do dns based checks or > > rbldnsd) .. > > > > > > > Are there any links for this? AFAIK mod_security is just a module - to > actually do anything it requires a ruleset. Further from that, how does it > determine what is Azure and what is not? Is it just blocking IP addresses? > Seems you'd need a list of all of the Azure IP address space. And from what > I have seen the offending IPs are all over the place: > > 157.55.39.138 > 207.46.13.5 > 20.83.33.136 > 20.94.247.9 > 40.124.141.27 > 40.124.141.27 > 40.124.193.244 > 40.76.220.206 > > Are just a few. > > But if there's a way to block Azure and other cloud based services, I'd be > interested in that. But I'd suspect you'd need a list of all of their IP > address spaces - is that information available some where? These should give everything routed to AS8075 (Microsoft) as of yesterday. It's a good start. V4URL=`curl -s https://publicdata.caida.org/datasets/routing/routeviews-prefix2as/pfx2as-creation.log -o - | tail --lines=1 | awk '{print "https://publicdata.caida.org/datasets/routing/routeviews-prefix2as/"$3}'` ; curl -s "${V4URL}" -o - | zegrep "\s8075$" | awk '{print $1"/"$2}' V6URL=`curl -s https://publicdata.caida.org/datasets/routing/routeviews6-prefix2as/pfx2as-creation.log -o - | tail --lines=1 | awk '{print "https://publicdata.caida.org/datasets/routing/routeviews6-prefix2as/"$3}'` ; curl -s "${V6URL}" -o - | zegrep "\s8075$" | awk '{print $1"/"$2}' ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Malware waves from hotmail.com
On Fri, 2021-06-04 at 11:45 -0500, Scott Mutter via mailop wrote: > Not to hijack this thread and send it off-topic, but I'm also seeing a lot > of brute force attempts (mostly WordPress login attempts) from various and > wide-ranging subnets of Microsoft IPs. > > Has Microsoft's network been compromised? Azure. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] opendmarc fails with tencent.com emails
On Fri, 2021-05-21 at 15:06 +0300, Mary via mailop wrote: > > Hello, > > I am seeing a lot of DMARC errors with emails coming from tencent.com, I am > not sure but based on the opendmarc errors I think these emails are > forwarded via qq.com and the From domain is replaced from @tencent.com to > @qq.com (keeping the user part intact). > > The domain tencent.com has valid SPF+DMARC records, but the qq.com domain > has no TXT records whatsoever. > > Anyone else seen this issue before? is opendmarc at fault? > > > -- SAMPLE > Received: from smtpbg.qq.com (smtpbg552.qq.com [183.3.226.181]) > (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 > bits)) > (No client certificate requested) > by my.server.com (Postfix) with ESMTPS id D4ACD5XZ51 > for ; Fri, 21 May 2021 11:14:12 + (UTC) > Authentication-Results: my.server.com; dmarc=fail (p=none dis=none) > header.from=qq.com > Authentication-Results: my.server.com; spf=pass smtp.mailfrom=l...@tencent.com > Authentication-Results: my.server.com; > dkim=pass (1024-bit key; unprotected) header.d=tencent.com > header.i=@tencent.com header.a=rsa-sha256 header.s=s201512 header.b=Ucwje3sK It's testing qq.com, not tencent.com. They do appear to have an SPF record, fwiw. Which doesn't help DMARC if they don't replace the envelope sender. They'd have to fix that or add a DKIM sig from qq.com. Not sure how tencent's DKIM sig passed; that suggests they put the @qq.com in the From:, or else qq resigned it with a tencent.com key after rewriting the From:. Neither is helpful. qq.com's DMARC policy is p=none, though. Which is good considering how broken that mail is. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [EXTERNAL] Re: Hotmail and block on OVH: possible solutions alternatives?
On Thu, 2021-02-25 at 23:15 +, Andrew C Aitchison via mailop wrote: > On Thu, 25 Feb 2021, Michael Wise via mailop wrote: > >https://go.microsoft.com/fwlink/?LinkID=614866 > > Hmm. No indication of how to specify IPv6 addresses. > Do people think 256 addresses total is reasonable for IPv 6 ? Does Microsoft even accept mail over IPV6? signature.asc Description: This is a digitally signed message part ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft antispam
On Mon, 2021-02-08 at 14:09 +0100, Ale via mailop wrote: > > Being "properly configured" these days entails needing many things > > that you didn't say. Forward-Reverse-DNS, SPF, DKIM, DMARC just for > > starters. And then more in other places. > > > Impossible to know and so impossible to say. It's a private 3rd party > > reputation scoring system in use. > > Hello, > > I've setup all these things, so *i assume* that my mail server is > properly configured now. the domain it's the same I'm using right now. > But like i said previously, it's a testing server, because i knew > something could go wrong. It's a testing server at ... Hetzner. So, yeah, good luck. Unfortunately getting mail accepted at MS or Google from a new VPS seems to be nearly impossible. I would love to be proved wrong, though, by those more knowledgeable. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Effeciveness (or not) of SPF
On Sun, 2020-12-06 at 14:12 +0100, Hans-Martin Mosner via mailop wrote: > > In your experience, where does SPF really help? What are the use cases that I > don't see in my spam-blocker tunnel vision? SPF is most useful as a fallback mechanism for DMARC. DKIM checks fail at least occasionally for various reasons. You should have an accurate ~all SPF record to allow the majority of those to pass using SPF. Assuming your ESP allows you to use an aligned envelope sender domain, of course. I don't think SPF alone has even been useful for blocking. You can't control who forwards mail to you or which of your recipients forwards their mail elsewhere. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] How to reply to this list?
On Fri, 2020-10-16 at 12:51 +, Larry Struckmeyer via mailop wrote: > Using Outlook thru O365 attempts to reply to a message in this list result > in the reply being addressed to the address of the person being replied to > and not the list. > > > What is the correct way to reply to a message on this list? > > Thanks for your help. Type in the list address, I guess. Or use a better mail client (one that understands the List-Post: header). ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Just how does SendGrid fail this badly?
On Tue, 2020-08-18 at 14:34 -0700, Carl Byington via mailop wrote: > > dhl is asking folks to reject that mail, but sendgrid tries to send it > anyway. > Sendgrid doesn't seem to do any From: address authentication. They're sending email pretending to be from all kinds of random domains. I know they probably have customers that depend on being able to forge addresses, but come on guys, it's 2020, you can't do that anymore. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Google and Spam detection
On Fri, 2020-07-24 at 12:13 -0400, John Levine via mailop wrote: > In article <20200724160354.gg9...@ikki.ethgen.ch> you write: > > I think it might happen that in past hetzner (my hosting provider) ... > > Oh, there's your problem. Hetzner's network spews garbage. I don'taccept any > mail from it at all. Yeah. And unfortunately it seems every VPS and self-hosting provider is in pretty much the same boat for mail delivery nowadays. Too much abuse. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Sendgrid and phishing
On Wed, 2020-06-17 at 08:55 -0500, Michael Rathbun via mailop wrote: > On Wed, 17 Jun 2020 14:00:35 +0100, Tim Bray via mailop w > rote: > > Anybody else seeing increase phishing through sendgrid? They look fairly > > convincing. > > General spam (several per week) and phishing, especially some very nicely > done"Reconfirm you Netflix payment method" at several per day. > Pointing out to users reporting these that blocking Sendgrid entirely > (thetemptation arises) would take out the SG traffic that is highly desired > (atleast 70%). Yeah. Tempting though. I got a dozen phishes literally From: supp...@amazon.com from them a few weeks ago. Just zero attempt to authenticate senders it seems. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)
On Thu, 2020-06-04 at 13:36 +0200, Benoît Panizzon via mailop wrote: > > So I guess using only SPF and DMARC with a reject policy will not work > if the envelope sender and from domain do not align. Using DMARC p=reject without DKIM is broken anyway. You cannot control how or where your recipients forward their email (and I promise you many of them forward it to Gmail from IP addresses that are not in your SPF record). ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Messages from small personal SMTP server being marked as junk by Google
On Fri, 2020-01-24 at 14:02 +0100, Renaud Allard via mailop wrote: > > On 1/24/20 12:28 PM, Jaroslaw Rafa via mailop wrote: > > In my opinion, "-all" is good only when it is the *only* entry in the SPF > > record, ie. SPF record indicates that the domain does not send mail *at > > all*. > > In all other cases, I think that even if original SPF record specifies > > "-all", the receiving server should override this and interpret it as > > "?all". > > > > I tend to disagree. If you allow every IP to send mail on your behalf, > then why even bother putting an SPF record. For me, only -all makes > sense, all others are just as meaningful as having no SPF records at all. Both SPF and DKIM are most useful as tools to allow DMARC to pass. ~all is perfectly suited to this. It allows most messages to pass SPF without hard-failing forwards (although I agree that almost no one bounces on an SPF hard fail anyway, so -all probably works just as well for most cases). And you hope your DKIM signature survives forwarding in most cases so it will allow the SPF fails to still pass DMARC. In neither case are you trying to identify messages that fail, you are trying to identify messages that pass. You are just trying to provide accurate signals to recipients about messages sent from authenticated sources so they can differentiate them from ones that aren't. And none of this helps get mail to Gmail from a 0-volume host at a generic VPS. You probably can't. Your surrounding network is full of spammers and phishers running on their own or hacked servers, and Google has no reason to think you aren't just one more. The bad guys use SPF too. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail marking email from me as spam
On Mon, 2019-10-07 at 15:34 +0200, Jaroslaw Rafa via mailop wrote: > Hello All, > this is my first post to this list - I just learned about its existence and > someone told me that maybe it is possible to solve my issue here. > > I run my own personal mailserver at rafa.eu.org for quite a few years. All > the time I had absolutely no problems with sending messages to Gmail. Few > weeks ago I learned that Gmail suddenly started marking e-mails that I send > to Gmail users as spam. As users usually never look into their spam folders, > they don't receive my mail. > > Trust me, you're not the only one with this problem. My own server has been on the same IP address for like 8 years, on much cleaner IP space than OVH, and has never sent any bulk or unsolicited mail and Google drops my mail into Spam now too for no reason. There is no technical reason for this, they just apparently don't want mail from infrequent senders. Or just don't want anyone running their own mail server, take your pick. I hear pretty much every day someone with the same problem. It's routine now to see any communication from anyone include "please check your spam folder, we've had a lot of problems with our mail being filtered incorrectly". TLDR; it's them, not you. And no I don't think there's anything you can do to fix it :/ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] booking.com dmarc
On Mon, 2019-06-03 at 15:38 -0700, Carl Byington via mailop wrote: > We can (manually) compensate for errors in dmarc records. For > example,booking.com has a p=reject, but we see mail "From: > .*@booking.com" dkimsigned by sg.booking.com. Strict dmarc would > reject that. We enforce arequirement that mail from booking.com be > signed by either booking.comor sg.booking.com. There are other > domains with similar errors. Unless I misunderstand something, I'm quite sure this is allowed by DMARC in relaxed mode (which booking.com uses, as it is the default). You can sign with a sub-domain or parent domain as long as they share the same organizational domain. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Admin: Gmail users of mailop suspended due to bounces.
On Sat, 2019-04-27 at 15:09 -0400, Bill Cole wrote: > Yes, because the signature included the Sender and List-* headers, > probably non-existent originally, which mailing lists typically > (including this one) add to messages they relay. > Like most mailing lists, mailop both modifies the Subject header and appends a footer to the message. It will always break all pre-existing DKIM signatures. As several others have mentioned, I believe the current Gmail restriction can be overcome by creating a valid SPF record for mailop.org. It's 2019, email authentication is not optional. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] AT MMS gateway email delays
On Thu, 2019-03-28 at 17:24 -0400, Scott Mutter wrote: > > On Thu, Mar 28 4:32PM Scott Evans said : > > I, as I'm sure many here do, use this for our network/service > > monitoring and if all heck breaks loose and I have 100's of > > notifications the @txt results in each appearing as an individual > > text which can be very tedious to Twilio works well as a replacement for sending SMS and is very cheap for low volumes. I use it for nagios with no issues ... or at least, the same issues an email gateway would otherwise have.___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail forwarding blowback
On Wed, 2017-11-08 at 12:20 -0700, Warren Volz wrote: > All, > > One of my users has their account setup to forward mail to Gmail. > Recently I've started to see lots of rejects that look like the > following: > >(expanded from ): host > gmail-smtp-in.l.google.com[2607:f8b0:400e:c04::1a] said: 550-5.7.1 > [ipv6 address 18] Our system has detected that > 550-5.7.1 this message is likely suspicious due to the very low > reputation > of 550-5.7.1 the sending IP address. To best protect our users from > spam, > the 550-5.7.1 message has been blocked. Please visit 550 5.7.1 > https://support.google.com/mail/answer/188131 for more information. > p26si2014836pli.781 - gsmtp (in reply to end of DATA command) > > I've looked over the forwarding best practices provided by google and > we are not modifying the envelope sender. I'd rather not start > throwing away what our filter marks as spam since I leave that up to > the user, but is that the only way to stop the bounces? Also, is the > "18]" an artifact or some kind of error? > > Thanks for the help. IMO, you really can't forward mail to Gmail; they will block you if you forward any spam at all. Gmail accounts can be setup to pull mail in via POP-3, that's a far better way for them to get their mail.___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] autoresponders & envelope-from/return-path
On Tue, 2017-06-06 at 09:02 +0100, Jethro R Binks wrote: > If you add the following headers to your message, regardless of the > envelope sender, you will also greatly reduce the chances of receiving > a > reply to your auto-response: > > Auto-submitted: auto-generated > X-Auto-Response-Suppress: OOF This should actually be X-Auto-Response-Suppress: OOF,AutoReply,DR for maximum effect. And since at least half of MS's software sends autoresponses to the header From: anyway, you might want to add that regardless of what you do with the envelope sender. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] autoresponders & envelope-from/return-path
On Mon, 2017-06-05 at 13:32 -0700, Autumn Tyr-Salvia wrote: > Hello, > A customer of mine is trying to get DMARC set up on a given domain, > and has set up aligned SPF on their corporate mail server. > Unfortunately, we're seeing an issue, and I'm looking for advice on a > resolution. > > When someone sets up an out of office autoresponder on the corporate > mail server, those messages are not configured to use a return-path > address. My understanding is that this is the RFC-correct way to do > that. > > Unfortunately, when you do that, SPF evaluation then defaults to the > HELO domain. Since this customer is using a hosted email service > provider, the HELO domain belongs to their email provider and not > them, which in turn kills their alignment. Thus, DMARC failures on all > autoresponders. > > Thoughts on the best resolution for something like this? The resolution is to DKIM-sign all mail before turning on DMARC. SPF can't pass on forwarded messages, and the sender doesn't control which messages get forwarded or not, the receiver does. Lots of email gets forwarded to Gmail, for instance. And, of course, you have your auto-responder issue - which can never pass SPF, because the identifier has to be aligned with the From: address to pass DMARC.___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Mails to microsoft
On Thursday 09 February 2017 10:15:17 Philip Paeps wrote: > Also note that DMARC breaks forwarding like this (or forwarding breaks > DMARC, depending on your religious affiliation). You can get around SPF > as long as your envelope matches your relay but for DMARC, the From: > domain also needs to be aligned. > Forwarding does not break DMARC. A DMARC pass requires that either SPF or DKIM pass, not both. Forwarding only breaks DMARC if you modify the message and break the DKIM signature. Mailing lists that modify the Subject header or body, for instance, break DMARC. Normal forwarding does not. Forwarding is still a terrible idea, of course. Spam has killed forwarding, IMO. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Deliverability services for non-newsletter services
On Thursday 26 January 2017 11:58:18 Paul Kincaid-Smith wrote: > Here's a partial list of popular email providers that built their business > sending transactional mail: > > Amazon SES > Dyn > Mailchimp (Mandrill) aka The Rocket Science Group > Mailjet > Mailgun > Sendgrid > Sparkpost > Postmark only does transactional and they have much better IP reputation than any of the above. Their features are more limited, though. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Mysterious DKIM failure.
On Saturday 10 December 2016 23:19:26 Bill Cole wrote: > FWIW, Exchange has a long history of playing silly buggers with message > whitespace. I would expect MS to have learned to stop that by now, but, > well, MS... > https://blogs.msdn.microsoft.com/tzink/2016/05/19/why-does-my-email-from-facebook-that-i-forward-from-my-outlook-com-account-get-rejected/ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop