Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Faisal Misle via mailop]

Does anyone have the bounce message they're sending back handy?

On 4/19/22 6:36 PM, Jarland Donnell via mailop wrote:
To add +1 experience to this, I've been seeing it intermittently. Some 
of my customers who lack SPF absolutely cannot deliver mail to Gmail, 
100% rejection due to lack of authentication. Others, not so much. I 
can't pretend to know what the criteria is for falling into the former, 
but it hasn't been a large number of domains we've noticed it on.


On 2022-04-19 02:20, Andre van Eyssen via mailop wrote:

Hi all,

A week or so ago I was dealing with some domains that were nearly 100%
bouncing on delivery to gmail. It turns out that the domain owners had
made registrar/DNS hosting changes and while they managed to create
the MX records correctly, they left out the SPF.

A little testing shows that gmail appears to be rejecting all mail
from domains with no SPF record. Having them create the SPF record
returned their domains to deliverability in about an hour.

Just a heads-up!

Andre.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Jarland Donnell via mailop]

To add +1 experience to this, I've been seeing it intermittently. Some 
of my customers who lack SPF absolutely cannot deliver mail to Gmail, 
100% rejection due to lack of authentication. Others, not so much. I 
can't pretend to know what the criteria is for falling into the former, 
but it hasn't been a large number of domains we've noticed it on.


On 2022-04-19 02:20, Andre van Eyssen via mailop wrote:

Hi all,

A week or so ago I was dealing with some domains that were nearly 100%
bouncing on delivery to gmail. It turns out that the domain owners had
made registrar/DNS hosting changes and while they managed to create
the MX records correctly, they left out the SPF.

A little testing shows that gmail appears to be rejecting all mail
from domains with no SPF record. Having them create the SPF record
returned their domains to deliverability in about an hour.

Just a heads-up!

Andre.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[John Levine via mailop]

It appears that Andre van Eyssen via mailop  said:
>A little testing shows that gmail appears to be rejecting all mail from 
>domains with no SPF record. Having them create the SPF record returned 
>their domains to deliverability in about an hour.

I found the same thing for friends who were complaining that Gmail
was rejecting their mail.  It took a couple of tries saying to add
exactly this TXT record at that name, but once they did, the mail
flowed again.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Jaroslaw Rafa via mailop]

Dnia 19.04.2022 o godz. 11:17:54 Scott Mutter via mailop pisze:
> 
> I'm a little surprised people are this upset.  Google's using SPF for what
> it's actually meant for - and yet people are upset because they are doing
> that?

No. "Using SPF for what it's actually meant for" would be honoring what the
domain owner has decided, not attempting "to know better". If domain has a
SPF record, it should be enforced. If it doesn't, SPF check should be
ignored. There is no RFC that says you MUST have a SPF record.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Laura Atkins via mailop]

> On 19 Apr 2022, at 18:53, Tim Düsterhus via mailop  wrote:
> 
> On 4/19/22 16:57, Laura Atkins via mailop wrote:
>> We just did 2 tests, one with an email that violated half a dozen best 
>> practices and one that has a SPFSoftfail (with no DKIM).
> 
> I believe you accidentally pasted the same test twice, the headers look 100% 
> identical to me.

Oops. 

Really badly formatted email: 

Delivered-To: wttwla...@gmail.com
Received: by 2002:a05:6a20:54a6:b0:7d:b75e:81cc with SMTP id i38csp2956940pzk;
Tue, 19 Apr 2022 07:44:59 -0700 (PDT)
X-Google-Smtp-Source: 
ABdhPJznmP9P9y29YlGiaLzZTxw0NXW8HUbBKmVBAeegvyAXSFlmXFYoYl/b2Xkgh7yVLnt6UuK7
X-Received: by 2002:a5d:6d03:0:b0:20a:7af0:380f with SMTP id 
e3-20020a5d6d0300b0020a7af0380fmr11823278wrq.148.1650379498973;
Tue, 19 Apr 2022 07:44:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1650379498; cv=none;
d=google.com; s=arc-20160816;
b=oAA3r/bEkAyRjN7ZL7C2R9PNSNlehAqTYFpiww5W9ojBBIcPeXwmLRZiMZr3B/Ug5d
 BiJezi7mylKI+UO2ywcAG7h1jmTAeizH3j1ghCzukMp2uh3w3oHZ64R+3JAAajACtRcH
 lc1BkI/RLdsj7uv7tU3ECElQPX80PC1/hPzxYzc8Si/U761BLX3gVgK+QBeie1HX81JO
 HJFtAqVxp/AaVFH4qZuScWJGC23wN5C2Q0pNIytEAc3xk2momvTNrNvYERAqPlYfz32c
 9Li7Yh330SYhCfGwNrCM0tWZJN7/G9YFDPRyWbWh8j71Xqnx3M7XiNrXGPIbcBrvpoNw
 INbg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
s=arc-20160816;
h=message-id:subject:from:to:date;
bh=ecGWgWCJeWxJFeM0urOVWP+KOlqqvsQYKOpYUP8nk7I=;
b=P1PMZlNCzI7TENQ2QO8kaSWDTckbB3jDkrrzxUbjxzgJ/SfGFjHSJpyFttLPHKnatk
 pTDj/P5r07tRG7lQ4msWgKZocbyj3y5j6ZNqWRgs189MgDCAb1u533ZJlmRyzWZi2n/3
 u50p14IatncLBfPrcxOwMACDBzPRd8P2h72VGcG5V9cRz27WziJmVOxtVEUJk5Hd+c2Z
 KoQ+Uzf/lRkGwcKo0MDcQ6qMG3swCdMioHmG4N26/VVOBSNDVbRJZ4J0KR+4TZNO4NlT
 gZZKMuWeQvr54C+rtg8ht/OekVrhbksGrKWNoicG78FwORNoUINzJVMAdxhVAWzvWAPq
 Vv2g==
ARC-Authentication-Results: i=1; mx.google.com;
   spf=neutral (google.com: 185.97.236.152 is neither permitted nor denied 
by best guess record for domain of steve@sliver) smtp.mailfrom=steve@sliver
Return-Path: 
Received: from sliver ([185.97.236.152])
by mx.google.com with ESMTP id 
p7-20020adfe60700b00203e90194c2si8108892wrm.582.2022.04.19.07.44.58
for ;
Tue, 19 Apr 2022 07:44:58 -0700 (PDT)
Received-SPF: neutral (google.com: 185.97.236.152 is neither permitted nor 
denied by best guess record for domain of steve@sliver) 
client-ip=185.97.236.152;
Authentication-Results: mx.google.com;
   spf=neutral (google.com: 185.97.236.152 is neither permitted nor denied 
by best guess record for domain of steve@sliver) smtp.mailfrom=steve@sliver
Date: Tue, 19 Apr 2022 15:44:58 +0100
To: wttwla...@gmail.com
From: steve@sliver
Subject: test Tue, 19 Apr 2022 15:44:58 +0100
Message-Id: <20220419154458.051019@sliver>
X-Mailer: swaks v20201014.0 jetmore.org/john/code/swaks/

This is a test mailing

One that mostly conforms to the RFCs. 

Delivered-To: wttwla...@gmail.com
Received: by 2002:a05:6a20:54a6:b0:7d:b75e:81cc with SMTP id i38csp2961601pzk;
Tue, 19 Apr 2022 07:50:37 -0700 (PDT)
X-Google-Smtp-Source: 
ABdhPJzdelAB/vcgsTFh7OdsgiN0lLCP24pEqpJQB3u5+BeRw0wJWFERr07eWGD1nqmfVWBYzp/g
X-Received: by 2002:adf:f943:0:b0:203:b456:c71d with SMTP id 
q3-20020adff94300b00203b456c71dmr12103183wrr.568.1650379836971;
Tue, 19 Apr 2022 07:50:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1650379836; cv=none;
d=google.com; s=arc-20160816;
b=u9bUGGpAm++qienOOtsdojZxEDHIcDQA2kuYs40BSeleAFtgg/mekwNjXxz0MzGQ/w
 a51PSfokRCPDxcDKgcOU7TdlSIVHI4elF1fAKLwHDzwYQfAUZS7zRumHYQ89qD0JqKPm
 b0Ua3iEgDbDEHZEdUZJmEnh7MojFMh7LSu/jM38+mq/rWyneDhZwXFDuaHza7tfqYvNZ
 Vayo2fPrwDGYCxzPZFnU9phFhsU4owWslKy2cL9fQ8BHfA3RqSS2b6UOTFwYXoexp3GR
 ZdUPB4U/D/fD1+zZi7Pyk/FKxkXECzyMlzS0ltyOu813nqikPJu2w6PtrMBucFtz3sDq
 rxsA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
s=arc-20160816;
h=message-id:subject:from:to:date;
bh=ecGWgWCJeWxJFeM0urOVWP+KOlqqvsQYKOpYUP8nk7I=;
b=0kz6ln2tXtO/lp0uY8fdTNdWTC//vgV8edm8edlqR9E1Glh4C9dIW1nN/GARf+bwZ7
 5jqDTuQBbeeCeBa6f2h5Qa+/EnTscHcgATJtdC8Vlw8KCp1zbdIVPzBUdPzidAcx0GdO
 Dzt+TpkZAHsmT32xR47of9FRroHppwyyMYfDkgPTIiMQNdwi5k6v7QfCu39SGML3v9LO
 fLzrohKxQ3C2fXzxM6E3S/AzbGZEDC4Dp8PValm2ijSirasPxiseExlquViTXf3kf2M+
 NMtk2A5Ozs2ySwLj+SGzA81n8SbqaHneLBetFjou5aqy0Ty3hZrzht9Z3yo9bYDeySGA
 lhyw==
ARC-Authentication-Results: i=1; mx.google.com;
   spf=softfail (google.com: domain of transitioning 
st...@wordtothewise.com does not designate 185.97.236.152 as permitted sender) 
smtp.mailfrom=st...@wordtothewise.com
Return-Path: 
Received: from m.wordtothewise.com ([185.97.236.152])
by mx.google.com with ESMTP id 
c8-20020adffb4800b00206174b2125si8483775wrs.338.2022.04.19.07.50.36
for ;
Tue, 19 Apr 2022 07:50:36 -0700 (PDT)

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Tim Düsterhus via mailop]

On 4/19/22 16:57, Laura Atkins via mailop wrote:

We just did 2 tests, one with an email that violated half a dozen best 
practices and one that has a SPFSoftfail (with no DKIM).



I believe you accidentally pasted the same test twice, the headers look 
100% identical to me.


Best regards
Tim Düsterhus
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Michael Peddemors via mailop]

On 2022-04-19 09:17, Scott Mutter via mailop wrote:
It depends on what Google mail server you are sending to.  Some require 
SPF, some don't.


I think you hit the nail on the head.  If processed by normal Gmail 
servers, probably doesn't enforce SPF.. if the domain/ip have had a 
reputation problem before, then probably handled by servers that do have 
SPF requirements.


Just guessing.. Only Gmail peep's can say for sure.


--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Scott Mutter via mailop]

It depends on what Google mail server you are sending to.  Some require
SPF, some don't.  Although, maybe they've since closed that loophole.
Google started requiring SPF records back in December 2021 according to the
logs I reviewed (at least for some of their mail servers).  The mail
servers that don't outright reject messages without SPF may be putting
those messages in the spam folder - I can't really verify that.

I'm a little surprised people are this upset.  Google's using SPF for what
it's actually meant for - and yet people are upset because they are doing
that?  What's the point of adding all of these anti-spam and anti-spoofing
measures into SMTP if you're blackballed for actually using them?

SPF is a great tool to prevent spamming and spoofing - but it depends on
the sender knowing how to set up a proper SPF record (as in knowing exactly
what mail servers their domain name is sending out from).  But very few
people know how to do this (or care to know).

I see Google embracing this as a good thing.  It's telling people that they
need to know what they're setting up and set it up properly.  Otherwise,
don't complain about the spam/phishing/spoofing that continues to go on.


On Tue, Apr 19, 2022 at 10:41 AM Laura Atkins via mailop 
wrote:

> On 19 Apr 2022, at 16:11, Michael Peddemors via mailop 
> wrote:
>
>
> And we also see that they have not yet 'hard enforced', but it looks like
> some trigger on a domain results in requiring SPF for that domain.
>
>
> It wouldn’t surprise me if there were some triggers that made
> authentication be looked at harder. But it is demonstrably incorrect to say
> that Google is requiring certain types of authentication for delivery.
>
> Of course, we don't expect Google to reveal their secrets, but we can
> assume things like new IP(s), new domains, sudden traffic surges, or
> customers clicking on 'this is spam' all might cause the requirement for
> SPF on a certain domain.
>
>
> This was a brand new IP without any rDNS (ie, it’s not intended to send
> mail).
>
> I do expect volume plays into it. But, as I’ve been saying: Google’s
> filtering is nuanced and tries to do the right thing most of the time.
>
> laura
>
> --
> The Delivery Experts
>
> Laura Atkins
> Word to the Wise
> la...@wordtothewise.com
>
> Email Delivery Blog: http://wordtothewise.com/blog
>
>
>
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Steve Atkins via mailop]

> On 19 Apr 2022, at 16:11, Michael Peddemors via mailop  
> wrote:
> 
> And we also see that they have not yet 'hard enforced', but it looks like 
> some trigger on a domain results in requiring SPF for that domain.
> 
> Of course, we don't expect Google to reveal their secrets, but we can assume 
> things like new IP(s), new domains, sudden traffic surges, or customers 
> clicking on 'this is spam' all might cause the requirement for SPF on a 
> certain domain.

These were sent from a consumer DSL line with no reverse DNS that’s listed on 
at least one widely used “never accept mail from this IP” list, that has 
virtually no history of IP traffic and zero history of sending email. The mail 
was sent with no SPF, and no DKIM. One of them was sent with no valid return 
path, no valid Message-ID, no valid From: header. Short of my including an 
EICAR test string and an animated gif of me waving a flag saying “DON’T ACCEPT 
THIS MAIL” I can’t think of much else I could do to look less trustworthy.

They both were accepted for delivery just fine.

If you’re being blocked by Google, or “Google is requiring SPF to be accepted” 
or “I had to add DKIM to get mail accepted" then your sending infrastructure, 
history and mailstream reputation is worse than this test setup.

Cheers,
  Steve

> 
> 
> 
> On 2022-04-19 07:57, Laura Atkins via mailop wrote:
>> Short version: google is not hard enforcing SPF presence. Copies of emails 
>> delivered to my google spam folder are attached.
>>> On 19 Apr 2022, at 14:54, Lichtinger, Bernhard via mailop 
>>> mailto:mailop@mailop.org>> wrote:
>>> 
>>> Hi,
>>> 
 Well i have no SPF records. See [doraji.xyz ]. And all 
 incoming emails go
 to Gmail(soyeo...@gmail.com ) by forwarding. 
 The Gmail is my final inbox
 provider. Really there are no troubles, at least, to me...
>>> 
>>> My observation is that Gmail enforces authentication via SPF or DKIM since 
>>> the first days of march 2022.
>>> One of SPF or DKIM is sufficient to get mails delivered to Gmail.
>>> It looks like Gmail imposes a DMARC policy of reject for every sender 
>>> domain ignoring the actual DNS entries for DMARC or their absence.
>> We just did 2 tests, one with an email that violated half a dozen best 
>> practices and one that has a SPFSoftfail (with no DKIM).
>> SPF SoftFail delivered to spam:
>>Delivered-To: wttwla...@gmail.com 
>>Received: by 2002:a05:6a20:54a6:b0:7d:b75e:81cc with SMTP id
>>i38csp2956940pzk;
>> Tue, 19 Apr 2022 07:44:59 -0700 (PDT)
>>X-Google-Smtp-Source:
>>
>> ABdhPJznmP9P9y29YlGiaLzZTxw0NXW8HUbBKmVBAeegvyAXSFlmXFYoYl/b2Xkgh7yVLnt6UuK7
>>X-Received: by 2002:a5d:6d03:0:b0:20a:7af0:380f with SMTP id
>>e3-20020a5d6d0300b0020a7af0380fmr11823278wrq.148.1650379498973;
>> Tue, 19 Apr 2022 07:44:58 -0700 (PDT)
>>ARC-Seal: i=1; a=rsa-sha256; t=1650379498; cv=none;
>> d=google.com ; s=arc-20160816;
>>
>> b=oAA3r/bEkAyRjN7ZL7C2R9PNSNlehAqTYFpiww5W9ojBBIcPeXwmLRZiMZr3B/Ug5d
>>  
>> BiJezi7mylKI+UO2ywcAG7h1jmTAeizH3j1ghCzukMp2uh3w3oHZ64R+3JAAajACtRcH
>>  
>> lc1BkI/RLdsj7uv7tU3ECElQPX80PC1/hPzxYzc8Si/U761BLX3gVgK+QBeie1HX81JO
>>  
>> HJFtAqVxp/AaVFH4qZuScWJGC23wN5C2Q0pNIytEAc3xk2momvTNrNvYERAqPlYfz32c
>>  
>> 9Li7Yh330SYhCfGwNrCM0tWZJN7/G9YFDPRyWbWh8j71Xqnx3M7XiNrXGPIbcBrvpoNw
>>  INbg==
>>ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
>>d=google.com ; s=arc-20160816;
>> h=message-id:subject:from:to:date;
>> bh=ecGWgWCJeWxJFeM0urOVWP+KOlqqvsQYKOpYUP8nk7I=;
>>
>> b=P1PMZlNCzI7TENQ2QO8kaSWDTckbB3jDkrrzxUbjxzgJ/SfGFjHSJpyFttLPHKnatk
>>  
>> pTDj/P5r07tRG7lQ4msWgKZocbyj3y5j6ZNqWRgs189MgDCAb1u533ZJlmRyzWZi2n/3
>>  
>> u50p14IatncLBfPrcxOwMACDBzPRd8P2h72VGcG5V9cRz27WziJmVOxtVEUJk5Hd+c2Z
>>  
>> KoQ+Uzf/lRkGwcKo0MDcQ6qMG3swCdMioHmG4N26/VVOBSNDVbRJZ4J0KR+4TZNO4NlT
>>  
>> gZZKMuWeQvr54C+rtg8ht/OekVrhbksGrKWNoicG78FwORNoUINzJVMAdxhVAWzvWAPq
>>  Vv2g==
>>ARC-Authentication-Results: i=1; mx.google.com ;
>>spf=neutral (google.com : 185.97.236.152
>>is neither permitted nor denied by best guess record for domain of
>>steve@sliver) smtp.mailfrom=steve@sliver
>>Return-Path: 
>>Received: from sliver ([185.97.236.152])
>> by mx.google.com  with ESMTP id
>>p7-20020adfe60700b00203e90194c2si8108892wrm.582.2022.04.19.07.44.58
>> for mailto:wttwla...@gmail.com>>;
>> Tue, 19 Apr 2022 07:44:58 -0700 (PDT)
>>Received-SPF: neutral (google.com :
>>185.97.236.152 is neither permitted nor denied by best guess record
>>for domain of 

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Alexander Bochmann via mailop]

...on 2022-04-19 17:20:04, Andre van Eyssen via mailop wrote:

 > A little testing shows that gmail appears to be rejecting all mail from
 > domains with no SPF record. Having them create the SPF record returned
 > their domains to deliverability in about an hour.

I haven't noticed any recent change, but in general it seemed that 
Gmail was very strict on email delivered via IPv6 for the past couple 
of years, whereas the same sender domains saw no problems when mails 
were sent over IPv4.

Don't have any hard data on this, just casual observation. Though 
at some point I made sure that my systems don't use IPv6 for outgoing 
mail.

Alex.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Luis E . Muñoz via mailop]

On 19 Apr 2022, at 11:02, Russell Clemings via mailop wrote:

> Several users have reported this and I've seen it myself with a couple of
> messages to my gmail from my website. Still troubleshooting, and it's not
> happening consistently, but a missing DKIM in "show original" seems to be
> the common factor.

FWIW, I have observed this on domains that recently changed their mailbox 
provider and have otherwise short sending history or very low volume.

Best regards

-lem
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Laura Atkins via mailop]

On 19 Apr 2022, at 16:11, Michael Peddemors via mailop  
wrote:
> 
> And we also see that they have not yet 'hard enforced', but it looks like 
> some trigger on a domain results in requiring SPF for that domain.

It wouldn’t surprise me if there were some triggers that made authentication be 
looked at harder. But it is demonstrably incorrect to say that Google is 
requiring certain types of authentication for delivery. 

> Of course, we don't expect Google to reveal their secrets, but we can assume 
> things like new IP(s), new domains, sudden traffic surges, or customers 
> clicking on 'this is spam' all might cause the requirement for SPF on a 
> certain domain.

This was a brand new IP without any rDNS (ie, it’s not intended to send mail). 

I do expect volume plays into it. But, as I’ve been saying: Google’s filtering 
is nuanced and tries to do the right thing most of the time. 

laura 

-- 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com 

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Michael Peddemors via mailop]

And we also see that they have not yet 'hard enforced', but it looks 
like some trigger on a domain results in requiring SPF for that domain.


Of course, we don't expect Google to reveal their secrets, but we can 
assume things like new IP(s), new domains, sudden traffic surges, or 
customers clicking on 'this is spam' all might cause the requirement for 
SPF on a certain domain.




On 2022-04-19 07:57, Laura Atkins via mailop wrote:
Short version: google is not hard enforcing SPF presence. Copies of 
emails delivered to my google spam folder are attached.


On 19 Apr 2022, at 14:54, Lichtinger, Bernhard via mailop 
mailto:mailop@mailop.org>> wrote:


Hi,

Well i have no SPF records. See [doraji.xyz ]. And 
all incoming emails go
to Gmail(soyeo...@gmail.com ) by 
forwarding. The Gmail is my final inbox

provider. Really there are no troubles, at least, to me...


My observation is that Gmail enforces authentication via SPF or DKIM 
since the first days of march 2022.

One of SPF or DKIM is sufficient to get mails delivered to Gmail.
It looks like Gmail imposes a DMARC policy of reject for every sender 
domain ignoring the actual DNS entries for DMARC or their absence.


We just did 2 tests, one with an email that violated half a dozen best 
practices and one that has a SPFSoftfail (with no DKIM).


SPF SoftFail delivered to spam:

Delivered-To: wttwla...@gmail.com 
Received: by 2002:a05:6a20:54a6:b0:7d:b75e:81cc with SMTP id
i38csp2956940pzk;
         Tue, 19 Apr 2022 07:44:59 -0700 (PDT)
X-Google-Smtp-Source:
ABdhPJznmP9P9y29YlGiaLzZTxw0NXW8HUbBKmVBAeegvyAXSFlmXFYoYl/b2Xkgh7yVLnt6UuK7
X-Received: by 2002:a5d:6d03:0:b0:20a:7af0:380f with SMTP id
e3-20020a5d6d0300b0020a7af0380fmr11823278wrq.148.1650379498973;
         Tue, 19 Apr 2022 07:44:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1650379498; cv=none;
         d=google.com ; s=arc-20160816;

b=oAA3r/bEkAyRjN7ZL7C2R9PNSNlehAqTYFpiww5W9ojBBIcPeXwmLRZiMZr3B/Ug5d

  BiJezi7mylKI+UO2ywcAG7h1jmTAeizH3j1ghCzukMp2uh3w3oHZ64R+3JAAajACtRcH

  lc1BkI/RLdsj7uv7tU3ECElQPX80PC1/hPzxYzc8Si/U761BLX3gVgK+QBeie1HX81JO

  HJFtAqVxp/AaVFH4qZuScWJGC23wN5C2Q0pNIytEAc3xk2momvTNrNvYERAqPlYfz32c

  9Li7Yh330SYhCfGwNrCM0tWZJN7/G9YFDPRyWbWh8j71Xqnx3M7XiNrXGPIbcBrvpoNw

          INbg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com ; s=arc-20160816;
         h=message-id:subject:from:to:date;
         bh=ecGWgWCJeWxJFeM0urOVWP+KOlqqvsQYKOpYUP8nk7I=;

b=P1PMZlNCzI7TENQ2QO8kaSWDTckbB3jDkrrzxUbjxzgJ/SfGFjHSJpyFttLPHKnatk

  pTDj/P5r07tRG7lQ4msWgKZocbyj3y5j6ZNqWRgs189MgDCAb1u533ZJlmRyzWZi2n/3

  u50p14IatncLBfPrcxOwMACDBzPRd8P2h72VGcG5V9cRz27WziJmVOxtVEUJk5Hd+c2Z

  KoQ+Uzf/lRkGwcKo0MDcQ6qMG3swCdMioHmG4N26/VVOBSNDVbRJZ4J0KR+4TZNO4NlT

  gZZKMuWeQvr54C+rtg8ht/OekVrhbksGrKWNoicG78FwORNoUINzJVMAdxhVAWzvWAPq

          Vv2g==
ARC-Authentication-Results: i=1; mx.google.com ;
        spf=neutral (google.com : 185.97.236.152
is neither permitted nor denied by best guess record for domain of
steve@sliver) smtp.mailfrom=steve@sliver
Return-Path: 
Received: from sliver ([185.97.236.152])
         by mx.google.com  with ESMTP id
p7-20020adfe60700b00203e90194c2si8108892wrm.582.2022.04.19.07.44.58
         for mailto:wttwla...@gmail.com>>;
         Tue, 19 Apr 2022 07:44:58 -0700 (PDT)
Received-SPF: neutral (google.com :
185.97.236.152 is neither permitted nor denied by best guess record
for domain of steve@sliver) client-ip=185.97.236.152;
Authentication-Results: mx.google.com ;
        spf=neutral (google.com : 185.97.236.152
is neither permitted nor denied by best guess record for domain of
steve@sliver) smtp.mailfrom=steve@sliver
Date: Tue, 19 Apr 2022 15:44:58 +0100
To: wttwla...@gmail.com 
From: steve@sliver
Subject: test Tue, 19 Apr 2022 15:44:58 +0100
Message-Id: <20220419154458.051019@sliver>
X-Mailer: swaks v20201014.0 jetmore.org/john/code/swaks/


This is a test mailing


This message probably shouldn’t have been accepted. The number of spec 
and best practice violations is extremely high. But it, too, ended up in 
my spam folder.


Delivered-To: wttwla...@gmail.com 
Received: by 2002:a05:6a20:54a6:b0:7d:b75e:81cc with SMTP id
i38csp2956940pzk;
         Tue, 19 Apr 2022 07:44:59 -0700 (PDT)
X-Google-Smtp-Source:

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Russell Clemings via mailop]

I've noticed though that if you don't have _both_ SPF and DKIM, you risk
getting routed to the spam folder, and/or getting the scary yellow "Be
careful with this message" warning.

Several users have reported this and I've seen it myself with a couple of
messages to my gmail from my website. Still troubleshooting, and it's not
happening consistently, but a missing DKIM in "show original" seems to be
the common factor.



On Tue, Apr 19, 2022 at 7:08 AM Lichtinger, Bernhard via mailop <
mailop@mailop.org> wrote:

> Hi,
>
> > Well i have no SPF records. See [doraji.xyz]. And all incoming emails go
> > to Gmail(soyeo...@gmail.com) by forwarding. The Gmail is my final inbox
> > provider. Really there are no troubles, at least, to me...
>
> My observation is that Gmail enforces authentication via SPF or DKIM since
> the first days of march 2022.
> One of SPF or DKIM is sufficient to get mails delivered to Gmail.
> It looks like Gmail imposes a DMARC policy of reject for every sender
> domain ignoring the actual DNS entries for DMARC or their absence.
>
>
> Regards,
> Bernhard
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>


-- 
===
Russell Clemings

===
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Laura Atkins via mailop]

Short version: google is not hard enforcing SPF presence. Copies of emails 
delivered to my google spam folder are attached. 

> On 19 Apr 2022, at 14:54, Lichtinger, Bernhard via mailop  
> wrote:
> 
> Hi,
> 
>> Well i have no SPF records. See [doraji.xyz]. And all incoming emails go
>> to Gmail(soyeo...@gmail.com) by forwarding. The Gmail is my final inbox
>> provider. Really there are no troubles, at least, to me...
> 
> My observation is that Gmail enforces authentication via SPF or DKIM since 
> the first days of march 2022.
> One of SPF or DKIM is sufficient to get mails delivered to Gmail. 
> It looks like Gmail imposes a DMARC policy of reject for every sender domain 
> ignoring the actual DNS entries for DMARC or their absence.

We just did 2 tests, one with an email that violated half a dozen best 
practices and one that has a SPFSoftfail (with no DKIM).

SPF SoftFail delivered to spam: 

Delivered-To: wttwla...@gmail.com
Received: by 2002:a05:6a20:54a6:b0:7d:b75e:81cc with SMTP id i38csp2956940pzk;
Tue, 19 Apr 2022 07:44:59 -0700 (PDT)
X-Google-Smtp-Source: 
ABdhPJznmP9P9y29YlGiaLzZTxw0NXW8HUbBKmVBAeegvyAXSFlmXFYoYl/b2Xkgh7yVLnt6UuK7
X-Received: by 2002:a5d:6d03:0:b0:20a:7af0:380f with SMTP id 
e3-20020a5d6d0300b0020a7af0380fmr11823278wrq.148.1650379498973;
Tue, 19 Apr 2022 07:44:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1650379498; cv=none;
d=google.com; s=arc-20160816;
b=oAA3r/bEkAyRjN7ZL7C2R9PNSNlehAqTYFpiww5W9ojBBIcPeXwmLRZiMZr3B/Ug5d
 BiJezi7mylKI+UO2ywcAG7h1jmTAeizH3j1ghCzukMp2uh3w3oHZ64R+3JAAajACtRcH
 lc1BkI/RLdsj7uv7tU3ECElQPX80PC1/hPzxYzc8Si/U761BLX3gVgK+QBeie1HX81JO
 HJFtAqVxp/AaVFH4qZuScWJGC23wN5C2Q0pNIytEAc3xk2momvTNrNvYERAqPlYfz32c
 9Li7Yh330SYhCfGwNrCM0tWZJN7/G9YFDPRyWbWh8j71Xqnx3M7XiNrXGPIbcBrvpoNw
 INbg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
s=arc-20160816;
h=message-id:subject:from:to:date;
bh=ecGWgWCJeWxJFeM0urOVWP+KOlqqvsQYKOpYUP8nk7I=;
b=P1PMZlNCzI7TENQ2QO8kaSWDTckbB3jDkrrzxUbjxzgJ/SfGFjHSJpyFttLPHKnatk
 pTDj/P5r07tRG7lQ4msWgKZocbyj3y5j6ZNqWRgs189MgDCAb1u533ZJlmRyzWZi2n/3
 u50p14IatncLBfPrcxOwMACDBzPRd8P2h72VGcG5V9cRz27WziJmVOxtVEUJk5Hd+c2Z
 KoQ+Uzf/lRkGwcKo0MDcQ6qMG3swCdMioHmG4N26/VVOBSNDVbRJZ4J0KR+4TZNO4NlT
 gZZKMuWeQvr54C+rtg8ht/OekVrhbksGrKWNoicG78FwORNoUINzJVMAdxhVAWzvWAPq
 Vv2g==
ARC-Authentication-Results: i=1; mx.google.com;
   spf=neutral (google.com: 185.97.236.152 is neither permitted nor denied 
by best guess record for domain of steve@sliver) smtp.mailfrom=steve@sliver
Return-Path: 
Received: from sliver ([185.97.236.152])
by mx.google.com with ESMTP id 
p7-20020adfe60700b00203e90194c2si8108892wrm.582.2022.04.19.07.44.58
for ;
Tue, 19 Apr 2022 07:44:58 -0700 (PDT)
Received-SPF: neutral (google.com: 185.97.236.152 is neither permitted nor 
denied by best guess record for domain of steve@sliver) 
client-ip=185.97.236.152;
Authentication-Results: mx.google.com;
   spf=neutral (google.com: 185.97.236.152 is neither permitted nor denied 
by best guess record for domain of steve@sliver) smtp.mailfrom=steve@sliver
Date: Tue, 19 Apr 2022 15:44:58 +0100
To: wttwla...@gmail.com
From: steve@sliver
Subject: test Tue, 19 Apr 2022 15:44:58 +0100
Message-Id: <20220419154458.051019@sliver>
X-Mailer: swaks v20201014.0 jetmore.org/john/code/swaks/

This is a test mailing

This message probably shouldn’t have been accepted. The number of spec and best 
practice violations is extremely high. But it, too, ended up in my spam folder. 

Delivered-To: wttwla...@gmail.com
Received: by 2002:a05:6a20:54a6:b0:7d:b75e:81cc with SMTP id i38csp2956940pzk;
Tue, 19 Apr 2022 07:44:59 -0700 (PDT)
X-Google-Smtp-Source: 
ABdhPJznmP9P9y29YlGiaLzZTxw0NXW8HUbBKmVBAeegvyAXSFlmXFYoYl/b2Xkgh7yVLnt6UuK7
X-Received: by 2002:a5d:6d03:0:b0:20a:7af0:380f with SMTP id 
e3-20020a5d6d0300b0020a7af0380fmr11823278wrq.148.1650379498973;
Tue, 19 Apr 2022 07:44:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1650379498; cv=none;
d=google.com; s=arc-20160816;
b=oAA3r/bEkAyRjN7ZL7C2R9PNSNlehAqTYFpiww5W9ojBBIcPeXwmLRZiMZr3B/Ug5d
 BiJezi7mylKI+UO2ywcAG7h1jmTAeizH3j1ghCzukMp2uh3w3oHZ64R+3JAAajACtRcH
 lc1BkI/RLdsj7uv7tU3ECElQPX80PC1/hPzxYzc8Si/U761BLX3gVgK+QBeie1HX81JO
 HJFtAqVxp/AaVFH4qZuScWJGC23wN5C2Q0pNIytEAc3xk2momvTNrNvYERAqPlYfz32c
 9Li7Yh330SYhCfGwNrCM0tWZJN7/G9YFDPRyWbWh8j71Xqnx3M7XiNrXGPIbcBrvpoNw
 INbg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
s=arc-20160816;
h=message-id:subject:from:to:date;
bh=ecGWgWCJeWxJFeM0urOVWP+KOlqqvsQYKOpYUP8nk7I=;
b=P1PMZlNCzI7TENQ2QO8kaSWDTckbB3jDkrrzxUbjxzgJ/SfGFjHSJpyFttLPHKnatk
 pTDj/P5r07tRG7lQ4msWgKZocbyj3y5j6ZNqWRgs189MgDCAb1u533ZJlmRyzWZi2n/3
 u50p14IatncLBfPrcxOwMACDBzPRd8P2h72VGcG5V9cRz27WziJmVOxtVEUJk5Hd+c2Z
 

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Slavko via mailop]

Dňa 19. apríla 2022 13:54:30 UTC používateľ "Lichtinger, Bernhard via mailop" 
 napísal:

>It looks like Gmail imposes a DMARC policy of reject for every sender domain 
>ignoring the actual DNS entries for DMARC or their absence.

In other words, gmail know better what is better for me (my domains/mails)  as 
I?

Interesting... Gmail can shutdown their MTAs, this will 100 % solve their SPAM 
problem
-- no one gmail user will receive SPAM anymore, and will solve the SPAM problem
for others too (at least partially).

BTW, if someone is trying to solve your problems, not alvays want to help you...

Slavko
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Lichtinger, Bernhard via mailop]

Hi,

> Well i have no SPF records. See [doraji.xyz]. And all incoming emails go
> to Gmail(soyeo...@gmail.com) by forwarding. The Gmail is my final inbox
> provider. Really there are no troubles, at least, to me...

My observation is that Gmail enforces authentication via SPF or DKIM since the 
first days of march 2022.
One of SPF or DKIM is sufficient to get mails delivered to Gmail. 
It looks like Gmail imposes a DMARC policy of reject for every sender domain 
ignoring the actual DNS entries for DMARC or their absence.


Regards,
Bernhard




smime.p7s
Description: S/MIME cryptographic signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

[Byung-Hee HWANG via mailop]

Dear Andre,

Andre van Eyssen via mailop  writes:

> (... thanks ...)
> A little testing shows that gmail appears to be rejecting all mail
> from domains with no SPF record. Having them create the SPF record
> returned their domains to deliverability in about an hour.

Well i have no SPF records. See [doraji.xyz]. And all incoming emails go
to Gmail(soyeo...@gmail.com) by forwarding. The Gmail is my final inbox
provider. Really there are no troubles, at least, to me...

Thanks!

Sincerely, Linux fan Byung-Hee

-- 
^고맙습니다 _布德天下_ 감사합니다_^))//
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] FYI - Google/Gmail hard enforcing SPF presence

[Andre van Eyssen via mailop]

Hi all,

A week or so ago I was dealing with some domains that were nearly 100% 
bouncing on delivery to gmail. It turns out that the domain owners had 
made registrar/DNS hosting changes and while they managed to create the MX 
records correctly, they left out the SPF.


A little testing shows that gmail appears to be rejecting all mail from 
domains with no SPF record. Having them create the SPF record returned 
their domains to deliverability in about an hour.


Just a heads-up!

Andre.




--
Andre van Eyssen.  Phone: +61 417 211 788
mail: an...@purplecow.org  http://andre.purplecow.org
About & Contact:  http://www.purplecow.org/andre.html
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop