Re: [mailop] Preserving signing domain reputation

2018-08-29 Thread Luke 
Only speaking from my own experience here, but changing the d= value (and
nothing else) usually causes catastrophic inboxing issues at gmail. None of
the other major providers seem to care. But a new d=, even just adding or
removing a subdomain, causes immediate bulking at gmail. If the mail is
good, it seems to recover within a few days even without taking any action.

Double-signing, and/or rolling out the new domain slowly is definitely the
way to go.

Luke

On Tue, Aug 28, 2018 at 3:11 PM Steve Atkins  wrote:

>
> > On Aug 28, 2018, at 2:46 PM, Jonathan Leist  wrote:
> >
> > Hello,
> >
> > We're currently exploring the possibility of migrating from signing as
> the individual hostnames of our sending IPs to signing as the org domain
> aligned with those hostnames (e.g. signing as example.com instead of
> mail1.example.com). Our main concern is in regards to deliverability, as
> we'd presumably lose years of sending history that we've accumulated with
> those signing domains.
>
> Relevant sending history when it comes to delivery decisions is typically
> measured in weeks so I wouldn't worry about anyone tracking your reputation
> from June, let alone 2017.
>
> > To potentially mitigate impact from the change, I'm considering having
> the d= be the org domain, while i= could remain the actual hostname we've
> historically signed with. So with the example above, they'd be d=
> example.com and i=@mail1.example.com. Would anyone know off hand whether
> we could expect that to help preserve the reputation we've built as a
> sender, given that the i= also carries reputation (from what I've read)?
>
> That wouldn't hurt anything. But I doubt it'd have much effect, as
> recipients are going to use either the d= or the domain part of the i=, not
> both. I'd expect them to just use the d=, mostly.
>
> The "DKIM Way" would be to sign twice, with the old domain and the new
> one, for a while.
>
> But if you're not seeing delivery issues today and you're not changing IP
> addresses, just the d= signing domain, I wouldn't expect much impact from
> just changing the d=. Trying it with a single MTA would let you see any
> impact, and dribble the new d= value into your mail stream.
>
> Cheers,
>   Steve
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Preserving signing domain reputation

2018-08-28 Thread Steve Atkins 

> On Aug 28, 2018, at 2:46 PM, Jonathan Leist  wrote:
> 
> Hello,
> 
> We're currently exploring the possibility of migrating from signing as the 
> individual hostnames of our sending IPs to signing as the org domain aligned 
> with those hostnames (e.g. signing as example.com instead of 
> mail1.example.com). Our main concern is in regards to deliverability, as we'd 
> presumably lose years of sending history that we've accumulated with those 
> signing domains. 

Relevant sending history when it comes to delivery decisions is typically 
measured in weeks so I wouldn't worry about anyone tracking your reputation 
from June, let alone 2017.

> To potentially mitigate impact from the change, I'm considering having the d= 
> be the org domain, while i= could remain the actual hostname we've 
> historically signed with. So with the example above, they'd be d=example.com 
> and i=@mail1.example.com. Would anyone know off hand whether we could expect 
> that to help preserve the reputation we've built as a sender, given that the 
> i= also carries reputation (from what I've read)? 

That wouldn't hurt anything. But I doubt it'd have much effect, as recipients 
are going to use either the d= or the domain part of the i=, not both. I'd 
expect them to just use the d=, mostly.

The "DKIM Way" would be to sign twice, with the old domain and the new one, for 
a while.

But if you're not seeing delivery issues today and you're not changing IP 
addresses, just the d= signing domain, I wouldn't expect much impact from just 
changing the d=. Trying it with a single MTA would let you see any impact, and 
dribble the new d= value into your mail stream.

Cheers,
  Steve


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop