Re: Any ideas how long gmail cache DNS records ?
On Tue, Aug 13, 2024 at 11:38 AM Laura Smith wrote: > > > > On Monday, 12 August 2024 at 16:11, Christopher Morrow > wrote: > > > > > you MIGHT try just using the 'clear the google-public-dns cache' page: > > https://developers.google.com/speed/public-dns/cache > > > > I think we try really hard to NOT do what you think we're doing... > > Thanks Christopher. (Chris is fine :) sorry for reasons a long time ago my email address ended up as this... naming is hard.) > > For the benefit of the list, I received a couple of off-list tip-offs to the > link that Chrstopher suggested. > > I was a bit cynical as I assumed the tool would only have effect on Google's > external caches (i.e. 8.8.8.8). > > The form was failing on Captcha on multiple browsers, which only helped to > raise my level of unhappiness with Google. > huh, the link I sent was dorked up? (if so I'll see if it is also bad for me and report the breakage) > After a bit of searching, I found the same form on another Google page and > having plugged the details into the form, caches were indeed cleared both > internally and externally at Google and gmails started arriving in the right > place. > excellent! i'm glad it worked. > Thanks all for your help on this, both on-list and off-list. (from me) Sure thing!
Re: Any ideas how long gmail cache DNS records ?
> > For the benefit of the list, was that https://dns.google/cache rather > than the previously mentioned > https://developers.google.com/speed/public-dns/cache ? > Yes, my bad Niels ! The one you mention is indeed the one that worked, the other one (and the other other one) just captcha's out.
Re: Any ideas how long gmail cache DNS records ?
* Laura Smith [Tue 13 Aug 2024, 17:39 CEST]: For the benefit of the list, I received a couple of off-list tip-offs to the link that Chrstopher suggested. I was a bit cynical as I assumed the tool would only have effect on Google's external caches (i.e. 8.8.8.8). The form was failing on Captcha on multiple browsers, which only helped to raise my level of unhappiness with Google. After a bit of searching, I found the same form on another Google page and having plugged the details into the form, caches were indeed cleared both internally and externally at Google and gmails started arriving in the right place. For the benefit of the list, was that https://dns.google/cache rather than the previously mentioned https://developers.google.com/speed/public-dns/cache ? --Niels.
Re: Any ideas how long gmail cache DNS records ?
On Monday, 12 August 2024 at 16:11, Christopher Morrow wrote: > > you MIGHT try just using the 'clear the google-public-dns cache' page: > https://developers.google.com/speed/public-dns/cache > > I think we try really hard to NOT do what you think we're doing... Thanks Christopher. For the benefit of the list, I received a couple of off-list tip-offs to the link that Chrstopher suggested. I was a bit cynical as I assumed the tool would only have effect on Google's external caches (i.e. 8.8.8.8). The form was failing on Captcha on multiple browsers, which only helped to raise my level of unhappiness with Google. After a bit of searching, I found the same form on another Google page and having plugged the details into the form, caches were indeed cleared both internally and externally at Google and gmails started arriving in the right place. Thanks all for your help on this, both on-list and off-list.
Re: Any ideas how long gmail cache DNS records ?
On Mon, Aug 12, 2024 at 10:15 AM Matt Corallo wrote: > On 8/10/24 10:16 AM, Laura Smith via NANOG wrote: > > In typical "Google knows best" style they appear to be ignoring SOA and TTL > > and doing their own thing. you MIGHT try just using the 'clear the google-public-dns cache' page: https://developers.google.com/speed/public-dns/cache I think we try really hard to NOT do what you think we're doing...
Re: Any ideas how long gmail cache DNS records ?
You might try posting this type of query to the mailop list at https://www.mailop.org/ There's at least one gmail person who responds every now and again over there. (keeping on-list since these kinds of queries come up every now and again and its useful for folks to see the pointer) Matt On 8/10/24 10:16 AM, Laura Smith via NANOG wrote: In typical "Google knows best" style they appear to be ignoring SOA and TTL and doing their own thing. Changed DNS severs and MX records, other public mail services have picked it up no problem. Gmail however appear to be insisting on continuing to deliver to the old mail servers for god knows how much longer ? Any ideas how long I can expect this to go on for before they Do The Right Thing (TM) ?
Re: Any ideas how long gmail cache DNS records ?
In theory… the number of layers of resolvers shouldn’t increase TTL. Any resolver that gets an answer from an authoritative servers gets the full TTL. A downstream resolver that asks for the records from that server’s cache gets the answers with the TTL appropriately decremented. Any additional layers of resolvers also get the TTL counted down since that initial hit on an authoritative server. But it seems to be common knowledge that layers of resolvers causes things to linger. What is the mechanism? Is it middle caches that are just plain busted and don’t decrement TTL correctly? Something more subtle? On Sat, Aug 10, 2024 at 7:29 AM Suresh Ramasubramanian wrote: > Look at it this way, anywhere that has resolvers forwarding to other > resolvers that forward to yet another set of resolvers before the query > gets to the root servers (anywhere with a complex network and multiple > layers of firewalling) will have a succession of caches that need to clear > .. so might take somewhat longer than whatever TTL you set. The > recommendation therefore is to lower the TTL for a few days BEFORE you > change your DNS records. > > --srs > -- > *From:* NANOG on behalf of > Laura Smith via NANOG > *Sent:* Saturday, August 10, 2024 7:46:31 PM > *To:* nanog@nanog.org > *Subject:* Any ideas how long gmail cache DNS records ? > > In typical "Google knows best" style they appear to be ignoring SOA and > TTL and doing their own thing. > > Changed DNS severs and MX records, other public mail services have picked > it up no problem. > > Gmail however appear to be insisting on continuing to deliver to the old > mail servers for god knows how much longer ? > > Any ideas how long I can expect this to go on for before they Do The Right > Thing (TM) ? >
Re: Any ideas how long gmail cache DNS records ?
Yawn. Been there, done that. Why do you think the other public mail services have switched over so quickly ? :) This is exclusively a gmail problem. On Saturday, 10 August 2024 at 15:28, Suresh Ramasubramanian wrote: > Look at it this way, anywhere that has resolvers forwarding to other > resolvers that forward to yet another set of resolvers before the query gets > to the root servers (anywhere with a complex network and multiple layers of > firewalling) will have a succession of caches that need to clear .. so might > take somewhat longer than whatever TTL you set. The recommendation therefore > is to lower the TTL for a few days BEFORE you change your DNS records. > > --srs > > From: NANOG on behalf of Laura > Smith via NANOG > Sent: Saturday, August 10, 2024 7:46:31 PM > To: nanog@nanog.org > Subject: Any ideas how long gmail cache DNS records ? > > In typical "Google knows best" style they appear to be ignoring SOA and TTL > and doing their own thing. > > Changed DNS severs and MX records, other public mail services have picked it > up no problem. > > Gmail however appear to be insisting on continuing to deliver to the old mail > servers for god knows how much longer ? > > Any ideas how long I can expect this to go on for before they Do The Right > Thing (TM) ?
Re: Any ideas how long gmail cache DNS records ?
Look at it this way, anywhere that has resolvers forwarding to other resolvers that forward to yet another set of resolvers before the query gets to the root servers (anywhere with a complex network and multiple layers of firewalling) will have a succession of caches that need to clear .. so might take somewhat longer than whatever TTL you set. The recommendation therefore is to lower the TTL for a few days BEFORE you change your DNS records. --srs From: NANOG on behalf of Laura Smith via NANOG Sent: Saturday, August 10, 2024 7:46:31 PM To: nanog@nanog.org Subject: Any ideas how long gmail cache DNS records ? In typical "Google knows best" style they appear to be ignoring SOA and TTL and doing their own thing. Changed DNS severs and MX records, other public mail services have picked it up no problem. Gmail however appear to be insisting on continuing to deliver to the old mail servers for god knows how much longer ? Any ideas how long I can expect this to go on for before they Do The Right Thing (TM) ?
Any ideas how long gmail cache DNS records ?
In typical "Google knows best" style they appear to be ignoring SOA and TTL and doing their own thing. Changed DNS severs and MX records, other public mail services have picked it up no problem. Gmail however appear to be insisting on continuing to deliver to the old mail servers for god knows how much longer ? Any ideas how long I can expect this to go on for before they Do The Right Thing (TM) ?
Help with compromised Gmail Account
Could someone from Google/gmail ops contact me please? A downstream customer of our has lost access to their gmail account which contains lots of important network elements and info. They had emailed Google etc but got no response. The bad actor managed to change the cell phone on the account etc. Please let me know any advice so I can help them and/or get you in touch with them. Norm
Re: List of GMAIL DNS *clients*?
Google has a list of IPs for their services in a JSON format available in their support section. Legitimate requests from Google should almost always come from an IP within those subnets. https://support.google.com/a/answer/10026322 https://support.google.com/a/answer/60764 <https://support.google.com/a/answer/60764?hl=en> Kind regards, Peter Potvin On Thu, Feb 29, 2024 at 16:17 wrote: > > Occasionally one of our log analyzers will block gmail DNS requests > causing bounces when gmail claims our domain(s) are not authenticated, > they can't get to our SPF etc. > > I'd like to whitelist them but does anyone know the list of IP blocks > I need? > > -- > -Barry Shein > > Software Tool & Die| b...@theworld.com | > http://www.TheWorld.com > Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD > The World: Since 1989 | A Public Information Utility | *oo* >
List of GMAIL DNS *clients*?
Occasionally one of our log analyzers will block gmail DNS requests causing bounces when gmail claims our domain(s) are not authenticated, they can't get to our SPF etc. I'd like to whitelist them but does anyone know the list of IP blocks I need? -- -Barry Shein Software Tool & Die| b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
Re: Gmail (thus Nanog) rejecting ipv6 email
On Tue, 5 Apr 2022, Owen DeLong via NANOG wrote: Of course there's an argument that say "mom and pop should not run their own mailserver, there are professionals for that!" but at the end of the day what this really serves is deliberate and pre-mediated centralisation, slowly but steadily stamping out small players. As pop running his own mail server, I don’t buy that first argument at all. However, I will say that if you are going to run an MTA on the greater internet, then you have inherently as part of the social contract, accepted the obligation to run it in accordance with the current form of BCP and the further obligation to keep up with the current definition of current BCP. Let's talk about professionals? Even assuming these grep's aren't perfect: Number of gmail from/to messages in our last logs: # bzgrep gmail /var/log/maillog* | grep google.com | wc -l 1514 Number that gmail sent us that we flagged as spam and dropped at SMTP time: # bzgrep gmail /var/log/maillog* | grep google.com | grep -i spamassassin | wc -l 641 Number that gmail users are sending, regularly, en-masse, to dead contacts (mutually exclusive with above): # bzgrep gmail /var/log/maillog* | grep google.com | grep -i "User unknown" | wc -l 785 Number of messages we've sent to gmail that have been rejected: # bzgrep gmail /var/log/maillog* | grep google.com | grep -i 188131 | wc -l 9 Number of reported spams that have made it to actual abuse contacts at google: 0 (they /dev/null abuse@, let me know how that jives with your BCP's.) If you're sending them volumes, they offer you a feedback loop so they can report how spammy you look to them. The inverse does not exist. They have no documented SMTP error code that you can set that sigils to them that a user is spamming and should be rate-limited. What gmail has here is a problem at scale. There are large masses of people writing in bad english signing up for accounts and who will take payment to complete a captcha every single time if required, the same way every robocall you get will connect you with an actual human. And gmail are, largely, "too big to block". -Dan Cranky Sysadmin --
Re: Gmail (thus Nanog) rejecting ipv6 email
> On Apr 4, 2022, at 08:13 , Robert Kisteleki wrote: > > > On 2022-04-03 07:18, Owen DeLong via NANOG wrote: >> I’ve not experienced this problem sending emails via IPv6 to gmail >> destinations from my personal domain. >> (delong.com <http://delong.com>) >> Likely this email will, in fact, get sent to GMAIL via IPv6. >> I do have good SPF and DKIM records and signing and a reasonable DMARC >> policy set up. >> If ISC doesn’t have that yet, it might be a better alternative than turning >> off IPv6. >> If that doesn’t solve it, I can reach out to someone at Google who can >> likely get the right parties involved. >> Owen > > I think it has been argued before that having a different email acceptance > policy over IPv4 vs IPv6 is essentially a layering violation. I'm sympathetic > to that argument. The problem with that argument is that it ignores the fact that IP reputation services are available for IPv4 and impractical for IPv6. > More to the point: *you* could do this and there are a number of other > clueful people who can make this work today. And when Google changes their > rules (that you'll have to learn about once you hit the next wall), then you > adjust. And you keep on doing this whack-a-mole game. It hasn’t been all that much whack-a-mole. Frankly, I’ve had more difficulty playing whack-a-mole with Apple’s changes in what they require for a CA to be accepted by an iPhone so that I can access my own IMAP server than anything Google has done to IPv6 mail acceptance. Bottom line, if you’re running an MTA, then there is a changing landscape of BCPs that you have to adapt to. Google may be one of the first to get strict about some of those BCPs, they are also likely the first one many sites will trip over due to the high volume of email headed their way and the large user base they have, but there are definitely others that you will also trip over. You can’t run an MTA in the modern internet without this whack-a-mole game and I suspect it will eventually hit v4 just as hard as it currently hits v6 because I think that v4 reputation services will fail to cope with CGNAT in much the same way that they currently can’t cope with IPv6. > Of course there's an argument that say "mom and pop should not run their own > mailserver, there are professionals for that!" but at the end of the day what > this really serves is deliberate and pre-mediated centralisation, slowly but > steadily stamping out small players. As pop running his own mail server, I don’t buy that first argument at all. However, I will say that if you are going to run an MTA on the greater internet, then you have inherently as part of the social contract, accepted the obligation to run it in accordance with the current form of BCP and the further obligation to keep up with the current definition of current BCP. > > Robert Owen
Re: [nanog] opendkim (was: Re: Gmail (thus Nanog) rejecting ipv6 email)
On Mon, 4 Apr 2022, Bjørn Mork wrote: "John Levine" writes: It appears that Michael Thomas said: On 4/3/22 12:12 PM, Bjørn Mork wrote: On a slightly related subject... This DKIM failure surprised me, but at least I verified that many NANOG subscribers have mailservers returning DMARC failure reports ;-) Oh wow, you should report that to Murray. It's on Github, so you can open an issue and if you're feeling inspired a fork and a patch. There's currently 67 open issues and 15 pull requests so don't hold your breath. https://github.com/trusteddomainproject/OpenDKIM There is absolutely nothing wrong with opendkim. I wouldn't go that far. It definitely needs some love. John's comment about not holding your breath was perhaps a bit cutting, but we're working on it. -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org ---
Re: Gmail (thus Nanog) rejecting ipv6 email
> On Apr 4, 2022, at 9:39 AM, Andy Smith wrote: > > On Sun, Apr 03, 2022 at 07:44:59PM -0500, Andy Ringsmuth wrote: >> I’m running into this with clients for whom we do web site work. >> Mail not being delivered to Gmail accounts. No bounceback, not >> being delayed, not marked as spam, just black-holed for no >> discernible reason. Like, clients losing money because sales leads >> never make it to them. > > Over on mailop a Google employee said that gmail never silently > discards email, that mail will always be delivered somewhere or else > rejected at SMTP time, and that the only exception is that GAFYD > customers (and similar) can set up rules themselves to delete email > under some circumstances. I’m on mailop as well. Sadly, what that Google employee said is provably false. -Andy
Re: Gmail (thus Nanog) rejecting ipv6 email
Accepting mail for delivery, and then either silently dropping it, delaying it for days, or putting mail that in no way resembles spam into a spam folder seems a little worse than “doing what the standards say”. If you’re going to decide, on little or no evidence, that a message is spam or otherwise does not deserve to get delivered, the least you could do is to bounce it so that the sender is aware. No need to generate a bounce mail that could turn into backscatter; just reject the mail during the SMTP exchange. Jim Shankland I think they have turned some knobs recently (or rather, they continuously do). Yesterday's soft reject (i.e. mail ending up in the spam folder) became a hard reject. I guess it's possible to argue both ways - at least the soft reject could be trained not to categorise real mail as spam. With a hard reject that problem is shifted entirely to the sender. Robert
Re: Gmail (thus Nanog) rejecting ipv6 email
On 2022-04-03 07:18, Owen DeLong via NANOG wrote: I’ve not experienced this problem sending emails via IPv6 to gmail destinations from my personal domain. (delong.com <http://delong.com>) Likely this email will, in fact, get sent to GMAIL via IPv6. I do have good SPF and DKIM records and signing and a reasonable DMARC policy set up. If ISC doesn’t have that yet, it might be a better alternative than turning off IPv6. If that doesn’t solve it, I can reach out to someone at Google who can likely get the right parties involved. Owen I think it has been argued before that having a different email acceptance policy over IPv4 vs IPv6 is essentially a layering violation. I'm sympathetic to that argument. More to the point: *you* could do this and there are a number of other clueful people who can make this work today. And when Google changes their rules (that you'll have to learn about once you hit the next wall), then you adjust. And you keep on doing this whack-a-mole game. Of course there's an argument that say "mom and pop should not run their own mailserver, there are professionals for that!" but at the end of the day what this really serves is deliberate and pre-mediated centralisation, slowly but steadily stamping out small players. Robert
Re: Gmail (thus Nanog) rejecting ipv6 email
Hello, On Sun, Apr 03, 2022 at 07:44:59PM -0500, Andy Ringsmuth wrote: > I’m running into this with clients for whom we do web site work. > Mail not being delivered to Gmail accounts. No bounceback, not > being delayed, not marked as spam, just black-holed for no > discernible reason. Like, clients losing money because sales leads > never make it to them. Over on mailop a Google employee said that gmail never silently discards email, that mail will always be delivered somewhere or else rejected at SMTP time, and that the only exception is that GAFYD customers (and similar) can set up rules themselves to delete email under some circumstances. I too occasionally experience customers saying their invoices and payment reminders were silently discarded by gmail, so I don't know who to believe. As regards the topic at hand, gmail does seem to go through phases of not accepting our email. While they certainly are tighter on IPv6 and absolutely require SPF, DKIM, DMARC there, other than that I haven't seen v6 be any different to v4 and just swallow it. I know others prefer to only deliver to them over v4. Thanks, Andy
opendkim (was: Re: Gmail (thus Nanog) rejecting ipv6 email)
"John Levine" writes: > It appears that Michael Thomas said: >> >>On 4/3/22 12:12 PM, Bjørn Mork wrote: >>> On a slightly related subject... This DKIM failure surprised me, but at >>> least I verified that many NANOG subscribers have mailservers returning >>> DMARC failure reports ;-) >> >>Oh wow, you should report that to Murray. > > It's on Github, so you can open an issue and if you're > feeling inspired a fork and a patch. There's currently > 67 open issues and 15 pull requests so don't hold your breath. > > https://github.com/trusteddomainproject/OpenDKIM There is absolutely nothing wrong with opendkim. Sorry for this off-topic noise. opendkim is an excellent tool, which helped me find the real problem with a simple "Diagnostics yes" in the config file. My problem was caused by bad interaction between nullmailer and sendmail. Turns that out nullmailer removes quotes around the display-name unless required, while sendmail adds quotes it consider necessary. The end-result is a Cc header looking exacly like the one I sent. Only problem is that it wasn't that header opendkim got. 1) I submitted this to nullmailer: Cc: John Levine , "North American Network Operators' Group" 2) nullmailer forwarded this to sendmail: Cc: John Levine , North American Network Operators' Group 3) opendkim signed the mail using the unquoted Cc header 4) sendmail added quotes and forwarded this: Cc: John Levine , "North American Network Operators' Group" 5) validation failed since the header signature was based on the unquoted version. The header modifications in transit is the real bug. IMHO neither nullmailer nor sendmail should change the Cc header here. They should rather reject the mail if they don't like the headers. But I can't see any reasons for that. Both the quoted and the unquoted versions are fine according to my understanding of RFC5322. Any hints on how to configure sendmail to avoid this are appreciated. I can always patch nullmailer. But the same problem can be triggerd by any client submitting an unquoted display-name with an apostrophe to sendmail. Possibly also other characters which are allowed in an atom. I do understand why most people just go with gmail... Bjørn
Re: Gmail (thus Nanog) rejecting ipv6 email
> On Apr 3, 2022, at 1:40 PM, na...@shankland.org wrote: > >> It appears that Bjørn Mork said: >>> Google has been trying to move away from Internet email for many years >>> now. Just let them. There is no way you can "fix" that problem on your >>> side. >> >> Don't be silly. Gmail has over a billion users and hosts mail for >> vast numbers of businesses large and small. >> >> I agree that they are stricter than many others at mail authentication >> but considering how big they are, they do a very good job of doing what >> the standards say. Way better than Y**o* ot M*o**. >> > > > Accepting mail for delivery, and then either silently dropping it, delaying > it for days, or putting mail that in no way resembles spam into a spam folder > seems a little worse than “doing what the standards say”. If you’re going to > decide, on little or no evidence, that a message is spam or otherwise does > not deserve to get delivered, the least you could do is to bounce it so that > the sender is aware. No need to generate a bounce mail that could turn into > backscatter; just reject the mail during the SMTP exchange. NO FREAKING KIDDING. I’m running into this with clients for whom we do web site work. Mail not being delivered to Gmail accounts. No bounceback, not being delayed, not marked as spam, just black-holed for no discernible reason. Like, clients losing money because sales leads never make it to them. Extremely frustrating. -Andy
Re: Gmail (thus Nanog) rejecting ipv6 email
It appears that Michael Thomas said: > >On 4/3/22 12:12 PM, Bjørn Mork wrote: >> On a slightly related subject... This DKIM failure surprised me, but at >> least I verified that many NANOG subscribers have mailservers returning >> DMARC failure reports ;-) > >Oh wow, you should report that to Murray. It's on Github, so you can open an issue and if you're feeling inspired a fork and a patch. There's currently 67 open issues and 15 pull requests so don't hold your breath. https://github.com/trusteddomainproject/OpenDKIM R's, John >> Bjørn Mork writes: >> >>> Authentication-Results: mx.google.com; >>> dkim=fail header.i=@mork.no header.s=b header.b=NB0BT8Ez; >>> spf=pass (google.com: best guess record for domain of >>> bj...@miraculix.mork.no >>> designates 2001:41c8:51:8a:feff:ff:fe00:e5 as permitted sender) >>> smtp.mailfrom=bj...@miraculix.mork.no; >>> dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mork.no >>> Received: from canardo.dyn.mork.no ([IPv6:2a01:799:c9f:8600:0:0:0:1]) >>> (authenticated bits=0) >>> by louie.mork.no (8.15.2/8.15.2) with ESMTPSA id 233IGnGC342047 >>> (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); >>> Sun, 3 Apr 2022 19:16:50 +0100 >>> Received: from miraculix.mork.no >>> ([IPv6:2a01:799:c9f:8602:8cd5:a7b0:d07:d516]) >>> (authenticated bits=0) >>> by canardo.dyn.mork.no (8.15.2/8.15.2) with ESMTPSA id 233IGnKb1147676 >>> (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); >>> Sun, 3 Apr 2022 20:16:49 +0200 >>> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mork.no; s=b; >>> t=1649009809; bh=ZByFGHIiZPQYmJjQnCv16CXFZhKG8U3fTayR+Mx3piY=; >>> h=From:To:Cc:Subject:References:Date:Message-ID:From; >>> b=NB0BT8EzJBl2E3jzDaz7QY4C/utMGKFF+HCs8qjQFoHA4JHTD21ZkTk34jp2VOiJ0 >>> pYWHUNXCNaEBK44Hr4U96h5pfXor+dqo0cSuRPTLNnRsoLAQg2kqmQkvylagdeezZc >>> 4p+jQEQv5La2KbjzEIvW6iSGwwe4ltT9hu7h0H8U= >>> Received: (nullmailer pid 389787 invoked by uid 1000); >>> Sun, 03 Apr 2022 18:16:48 - >>> From: =?utf-8?Q?Bj=C3=B8rn_Mork?= >>> To: Randy Bush >>> Cc: John Levine , >>> "North American Network Operators' Group" >>> Subject: Re: Gmail (thus Nanog) rejecting ipv6 email >>> Organization: m >>> References: <875ynqcvsl@miraculix.mork.no> >>> <20220403164123.4ce413a4b...@ary.qy> >>> Date: Sun, 03 Apr 2022 20:16:48 +0200 >>> In-Reply-To: (Randy Bush's message of "Sun, 03 >>> Apr 2022 10:50:06 -0700") >>> Message-ID: <87v8vqav73@miraculix.mork.no> >> >> Did a little testing, and it looks like opendkim create a bogus >> signature if a quoted-string diplay name in a To or Cc headers contains >> an apostrophe. Not good at all.
Re: Gmail (thus Nanog) rejecting ipv6 email
On 4/3/22 12:12 PM, Bjørn Mork wrote: On a slightly related subject... This DKIM failure surprised me, but at least I verified that many NANOG subscribers have mailservers returning DMARC failure reports ;-) Oh wow, you should report that to Murray. Mike Bjørn Mork writes: Authentication-Results: mx.google.com; dkim=fail header.i=@mork.no header.s=b header.b=NB0BT8Ez; spf=pass (google.com: best guess record for domain of bj...@miraculix.mork.no designates 2001:41c8:51:8a:feff:ff:fe00:e5 as permitted sender) smtp.mailfrom=bj...@miraculix.mork.no; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mork.no Received: from canardo.dyn.mork.no ([IPv6:2a01:799:c9f:8600:0:0:0:1]) (authenticated bits=0) by louie.mork.no (8.15.2/8.15.2) with ESMTPSA id 233IGnGC342047 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); Sun, 3 Apr 2022 19:16:50 +0100 Received: from miraculix.mork.no ([IPv6:2a01:799:c9f:8602:8cd5:a7b0:d07:d516]) (authenticated bits=0) by canardo.dyn.mork.no (8.15.2/8.15.2) with ESMTPSA id 233IGnKb1147676 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); Sun, 3 Apr 2022 20:16:49 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mork.no; s=b; t=1649009809; bh=ZByFGHIiZPQYmJjQnCv16CXFZhKG8U3fTayR+Mx3piY=; h=From:To:Cc:Subject:References:Date:Message-ID:From; b=NB0BT8EzJBl2E3jzDaz7QY4C/utMGKFF+HCs8qjQFoHA4JHTD21ZkTk34jp2VOiJ0 pYWHUNXCNaEBK44Hr4U96h5pfXor+dqo0cSuRPTLNnRsoLAQg2kqmQkvylagdeezZc 4p+jQEQv5La2KbjzEIvW6iSGwwe4ltT9hu7h0H8U= Received: (nullmailer pid 389787 invoked by uid 1000); Sun, 03 Apr 2022 18:16:48 - From: =?utf-8?Q?Bj=C3=B8rn_Mork?= To: Randy Bush Cc: John Levine , "North American Network Operators' Group" Subject: Re: Gmail (thus Nanog) rejecting ipv6 email Organization: m References: <875ynqcvsl@miraculix.mork.no> <20220403164123.4ce413a4b...@ary.qy> Date: Sun, 03 Apr 2022 20:16:48 +0200 In-Reply-To: (Randy Bush's message of "Sun, 03 Apr 2022 10:50:06 -0700") Message-ID: <87v8vqav73@miraculix.mork.no> Did a little testing, and it looks like opendkim create a bogus signature if a quoted-string diplay name in a To or Cc headers contains an apostrophe. Not good at all. Bjørn
Re: Gmail (thus Nanog) rejecting ipv6 email
On a slightly related subject... This DKIM failure surprised me, but at least I verified that many NANOG subscribers have mailservers returning DMARC failure reports ;-) Bjørn Mork writes: > Authentication-Results: mx.google.com; > dkim=fail header.i=@mork.no header.s=b header.b=NB0BT8Ez; > spf=pass (google.com: best guess record for domain of bj...@miraculix.mork.no > designates 2001:41c8:51:8a:feff:ff:fe00:e5 as permitted sender) > smtp.mailfrom=bj...@miraculix.mork.no; > dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mork.no > Received: from canardo.dyn.mork.no ([IPv6:2a01:799:c9f:8600:0:0:0:1]) > (authenticated bits=0) > by louie.mork.no (8.15.2/8.15.2) with ESMTPSA id 233IGnGC342047 > (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); > Sun, 3 Apr 2022 19:16:50 +0100 > Received: from miraculix.mork.no ([IPv6:2a01:799:c9f:8602:8cd5:a7b0:d07:d516]) > (authenticated bits=0) > by canardo.dyn.mork.no (8.15.2/8.15.2) with ESMTPSA id 233IGnKb1147676 > (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); > Sun, 3 Apr 2022 20:16:49 +0200 > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mork.no; s=b; > t=1649009809; bh=ZByFGHIiZPQYmJjQnCv16CXFZhKG8U3fTayR+Mx3piY=; > h=From:To:Cc:Subject:References:Date:Message-ID:From; > b=NB0BT8EzJBl2E3jzDaz7QY4C/utMGKFF+HCs8qjQFoHA4JHTD21ZkTk34jp2VOiJ0 > pYWHUNXCNaEBK44Hr4U96h5pfXor+dqo0cSuRPTLNnRsoLAQg2kqmQkvylagdeezZc > 4p+jQEQv5La2KbjzEIvW6iSGwwe4ltT9hu7h0H8U= > Received: (nullmailer pid 389787 invoked by uid 1000); > Sun, 03 Apr 2022 18:16:48 - > From: =?utf-8?Q?Bj=C3=B8rn_Mork?= > To: Randy Bush > Cc: John Levine , > "North American Network Operators' Group" > Subject: Re: Gmail (thus Nanog) rejecting ipv6 email > Organization: m > References: <875ynqcvsl@miraculix.mork.no> > <20220403164123.4ce413a4b...@ary.qy> > Date: Sun, 03 Apr 2022 20:16:48 +0200 > In-Reply-To: (Randy Bush's message of "Sun, 03 > Apr 2022 10:50:06 -0700") > Message-ID: <87v8vqav73@miraculix.mork.no> Did a little testing, and it looks like opendkim create a bogus signature if a quoted-string diplay name in a To or Cc headers contains an apostrophe. Not good at all. Bjørn
Re: Gmail (thus Nanog) rejecting ipv6 email
On Apr 3, 2022, at 9:41 AM, John Levine wrote: > > It appears that Bjørn Mork said: >> Google has been trying to move away from Internet email for many years >> now. Just let them. There is no way you can "fix" that problem on your >> side. > > Don't be silly. Gmail has over a billion users and hosts mail for > vast numbers of businesses large and small. > > I agree that they are stricter than many others at mail authentication > but considering how big they are, they do a very good job of doing what > the standards say. Way better than Y**o* ot M*o**. > Accepting mail for delivery, and then either silently dropping it, delaying it for days, or putting mail that in no way resembles spam into a spam folder seems a little worse than “doing what the standards say”. If you’re going to decide, on little or no evidence, that a message is spam or otherwise does not deserve to get delivered, the least you could do is to bounce it so that the sender is aware. No need to generate a bounce mail that could turn into backscatter; just reject the mail during the SMTP exchange. Jim Shankland
Re: Gmail (thus Nanog) rejecting ipv6 email
Randy Bush writes: > i try to keep a list of goog's ipv6 email space and don't deliver to it; > rather using ipv4 instead. unfortunately, goog does not cooperate with > dnswl.org, so this can not be automated. How about using their SPF records as automation input? Their MXes are inside those blocks right now at least. Bjørn
Re: Gmail (thus Nanog) rejecting ipv6 email
i try to keep a list of goog's ipv6 email space and don't deliver to it; rather using ipv4 instead. unfortunately, goog does not cooperate with dnswl.org, so this can not be automated. this is mildly damaging to the ipv6 religion, but i don't let that spoil my coffee. their lack of cooperation with the dns good list means inbound from them gets dropped when one of their outbound smtp senders gets badlisted, which they often do. i do not let that spoil my coffee either. i would not want to work for goog's email service; too much pain. randy
Re: Gmail (thus Nanog) rejecting ipv6 email
It appears that Bjørn Mork said: >Google has been trying to move away from Internet email for many years >now. Just let them. There is no way you can "fix" that problem on your >side. Don't be silly. Gmail has over a billion users and hosts mail for vast numbers of businesses large and small. I agree that they are stricter than many others at mail authentication but considering how big they are, they do a very good job of doing what the standards say. Way better than Y**o* ot M*o**. R's, John -- Regards, John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
Re: Gmail (thus Nanog) rejecting ipv6 email
I didn't know anyone still cared? Google has been trying to move away from Internet email for many years now. Just let them. There is no way you can "fix" that problem on your side. If you care about specific recipients, then inform them that Google randomly throws away some of their legitimate email. Send a paper mail or phone them if necessary. That's pretty much all you can do. If those recipients continue to use gmail, then that's their decision and problem. I assume NANOG is informed about this now. Bjørn
Re: Gmail (thus Nanog) rejecting ipv6 email
I’ve not experienced this problem sending emails via IPv6 to gmail destinations from my personal domain. (delong.com <http://delong.com/>) Likely this email will, in fact, get sent to GMAIL via IPv6. I do have good SPF and DKIM records and signing and a reasonable DMARC policy set up. If ISC doesn’t have that yet, it might be a better alternative than turning off IPv6. If that doesn’t solve it, I can reach out to someone at Google who can likely get the right parties involved. Owen > On Apr 2, 2022, at 15:23, Jeroen Massar via NANOG wrote: > > Hi Dan, > > Hope the rest of the world is treating you decently! > > There are a lot of bits and bobs that one has to get right for mail to flow, > amongst which: > > - IP -> PTR lookup -> that hostname lookup, and match to IP again > (https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS) > - SPF > - DKIM > - DMARC > - ARC (for mailinglists) > - SRS (When forwarding, rewrite the From and resign DKIM, and then ARC-sign > that) > - Decent TLS > - MTA-STS > > And that list grows and grows... and grows and grows. It is kinda a test if > one has actually bothered to configure a setup, and not just are randomly > sending an email by just telneting from a random server. Of course the large > spam outfits have this fully automated and configured, so that their > spam^Wadvertising comes through. > > A wee little test tells that there are a few improvements to be made at > minimum: > > https://internet.nl/mail/isc.org/ > > • Not all authenticity marks against email phishing (DMARC, DKIM and > SPF) > • Failed :Mail server connection not or insufficiently secured > (STARTTLS and DANE) > > > Greets, > Jeroen (who also runs his own full net... and had jeroen@isc for a few > years... ;) ) >
Re: [nanog] Re: Gmail (thus Nanog) rejecting ipv6 email
On Sat, 2 Apr 2022, Michael Thomas wrote: On 4/2/22 6:21 PM, John Levine wrote: It appears that Michael Thomas said: I'll be eager to see the papers substantiating this. Until then I remain completely skeptical. It's an experimental RFC for a reason. Let's see the data. ARC is not mentioned here: https://support.google.com/mail/answer/81126?hl=en But nor are mailing lists/listservs. Most of the guidance on "lists" seems to be related to marketing lists (which I hate way more, but gmail seems to be quite forgiving of), vs discussion lists. Also, the error message we're getting speaks to the reputation of "our domain", not our IP block. Otherwise, I would think v4 mail would bounce as well. Now, if that's caused by our staff posting to *other* mailing lists that do not do ARC, we have zero control over that. If it's being implied that gmail is ranking us (i.e. dkim-signed and spf-compliant mail from Mark Andrews to *this list*) with a "very low" reputation because *our* mailman lists don't presently do arc-sealing, then could someone from google please tell me that canonically? -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org ---
Re: Gmail (thus Nanog) rejecting ipv6 email
On 4/2/22 8:01 PM, John Levine wrote: It appears that Michael Thomas said: ARC lets the recipient system look back and do what we might call retroactive filtering, using info about messages as they arrived at the previous forwarder. While it would be nice if lists did a better job of spam filtering, they don't, and ARC is a reasonable remedy for that. I'll be eager to see the papers substantiating this. Until then I remain completely skeptical. It's an experimental RFC for a reason. Let's see the data. I'd also like to see a paper substantiating your claim that mailing lists do a bad job of spam filtering. In my experience it is a non-problem. People from Google have told me that is the specific reason that they need all the complexity of ARC rather than just whitelisting mailing lists. If you think they're lying, or you know more about their mail stream than they do, not much we can do about that. Then they should publish it since it's an IETF document it so everybody can evaluate it. Otherwise it's just a private vanity project. I've seen absolutely nothing to conclude it is not. And impugning me about "lying" is an ad hominem and against NANOG's rules. Mike
Re: Gmail (thus Nanog) rejecting ipv6 email
It appears that Michael Thomas said: >> ARC lets the recipient system look back and do what we might call >> retroactive filtering, using info about messages as they arrived at >> the previous forwarder. While it would be nice if lists did a better >> job of spam filtering, they don't, and ARC is a reasonable remedy for >> that. > >I'll be eager to see the papers substantiating this. Until then I remain >completely skeptical. It's an experimental RFC for a reason. Let's see >the data. > >I'd also like to see a paper substantiating your claim that mailing >lists do a bad job of spam filtering. In my experience it is a non-problem. People from Google have told me that is the specific reason that they need all the complexity of ARC rather than just whitelisting mailing lists. If you think they're lying, or you know more about their mail stream than they do, not much we can do about that. R's, John
Re: Gmail (thus Nanog) rejecting ipv6 email
On 4/2/22 6:21 PM, John Levine wrote: It appears that Michael Thomas said: Google at least adds ARC headers in Gmail, and did the editing of RFC8617. ARC resolves into a previously unsolved problem: reputation. ... No, actually it doesn't, as has been repeatedly explained. ARC addreses the problem that mailing lists do a lousy job of spam filtering, A list that usually sends lovely clean mail sometimes doesn't, since a typical list forwards anything with a subscriber's address on the From line including spam from cleverish spammers who take pairs of from/to addresses from stolen mailboxes. ARC lets the recipient system look back and do what we might call retroactive filtering, using info about messages as they arrived at the previous forwarder. While it would be nice if lists did a better job of spam filtering, they don't, and ARC is a reasonable remedy for that. I'll be eager to see the papers substantiating this. Until then I remain completely skeptical. It's an experimental RFC for a reason. Let's see the data. I'd also like to see a paper substantiating your claim that mailing lists do a bad job of spam filtering. In my experience it is a non-problem. Mike
Re: Gmail (thus Nanog) rejecting ipv6 email
On 4/2/22 6:16 PM, John Levine wrote: It appears that Michael Thomas said: There are a lot of bits and bobs that one has to get right for mail to flow, amongst which: - IP -> PTR lookup -> that hostname lookup, and match to IP again - SPF - DKIM - DMARC Yup. Gmail has made it quite clear that they will not accept v6 mail that isn't SPF or DKIM authenticated. DKIM is more work but works more reliably. - ARC (for mailinglists) Seriously spend zero time on ARC. It doesn't work as advertised ... Please, not this again. ARC does what it does, even if it doesn't do what you might wish it did instead. I does what it does which is DKIM. That's it. It's certainly not a magic ticket into an inbox but it is slowly helping undo DMARC mailing list damage. It's not important unless you forward mail like a mailing list does. No it doesn't. It requires the previously unsolved problem of reputation which manifestly incapable of being solved. DMARC is not the problem, ancient mailing list technology which came before security requirements is the problem. Mike
Re: Gmail (thus Nanog) rejecting ipv6 email from poorly configured senders
It appears that Niels Bakker said: >I also run my own mail server. I had to firewall off Google's MXes for >this exact reason: silent and not-so-silent email rejection when >offered over IPv6. I run my own mail server and have no trouble at all delivering mail to Gmail over IPv6. I do have SPF, DKIM, DNSSEC and DANE on my mail servers. My DMARC policy is p=none. If it matters, the MTA is a heavily hacked version of qmail. While I believe that Gmail rejects some people's mail, every time when I have looked in detail, I have found that their mail authentication isn't working properly. I'd suggest starting there. R's, John
Re: Gmail (thus Nanog) rejecting ipv6 email
It appears that Michael Thomas said: >> Google at least adds ARC headers in Gmail, and did the editing of RFC8617. > >ARC resolves into a previously unsolved problem: reputation. ... No, actually it doesn't, as has been repeatedly explained. ARC addreses the problem that mailing lists do a lousy job of spam filtering, A list that usually sends lovely clean mail sometimes doesn't, since a typical list forwards anything with a subscriber's address on the From line including spam from cleverish spammers who take pairs of from/to addresses from stolen mailboxes. ARC lets the recipient system look back and do what we might call retroactive filtering, using info about messages as they arrived at the previous forwarder. While it would be nice if lists did a better job of spam filtering, they don't, and ARC is a reasonable remedy for that. R's, John
Re: Gmail (thus Nanog) rejecting ipv6 email
It appears that Michael Thomas said: >> There are a lot of bits and bobs that one has to get right for mail to flow, >> amongst which: >> >> - IP -> PTR lookup -> that hostname lookup, and match to IP again >> - SPF >> - DKIM >> - DMARC Yup. Gmail has made it quite clear that they will not accept v6 mail that isn't SPF or DKIM authenticated. DKIM is more work but works more reliably. >> - ARC (for mailinglists) >Seriously spend zero time on ARC. It doesn't work as advertised ... Please, not this again. ARC does what it does, even if it doesn't do what you might wish it did instead. It's certainly not a magic ticket into an inbox but it is slowly helping undo DMARC mailing list damage. It's not important unless you forward mail like a mailing list does. R's, John
Re: [nanog] Re: Gmail (thus Nanog) rejecting ipv6 email
On Sun, 3 Apr 2022, Jeroen Massar wrote: Hi Dan, Hope the rest of the world is treating you decently! There are a lot of bits and bobs that one has to get right for mail to flow, amongst which: - IP -> PTR lookup -> that hostname lookup, and match to IP again (https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS) - SPF - DKIM - DMARC - ARC (for mailinglists) - SRS (When forwarding, rewrite the From and resign DKIM, and then ARC-sign that) - Decent TLS - MTA-STS And that list grows and grows... and grows and grows. It is kinda a test if one has actually bothered to configure a setup, and not just are randomly sending an email by just telneting from a random server. Of course the large spam outfits have this fully automated and configured, so that their spam^Wadvertising comes through. A wee little test tells that there are a few improvements to be made at minimum: https://internet.nl/mail/isc.org/ • Not all authenticity marks against email phishing (DMARC, DKIM and SPF) We have SPF, DKIM signing, and a DMARC policy that sets p=none. We're not setting p=reject, considering the number of mailing lists our users are on that are outdated or based on EOL software (including this one which depends on python 2.7, and including our own which have the same problem). It's impossible to know, from the outside, how mailing lists are configured. Mailman3 is...special. That's a rant for another time. We get about an email a week from someone emailing security-officer@ trying to get a bug bounty telling us we should set p=reject. There's an ecosystem for this stuff. I don't think this affects our domain's "reputation". • Failed :Mail server connection not or insufficiently secured (STARTTLS and DANE) This has little to do with what ciphers we support outbound, and little to do with our reputation. Unlike HTTPS, the failback to startTLS not working is plain-text. Setting a stricter cipher requirement would result in more mail being delivered in the clear. This is a somewhat broken test. -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org ---
Re: [nanog] Re: Gmail (thus Nanog) rejecting ipv6 email
On Sun, 3 Apr 2022, Niels Bakker wrote: I also run my own mail server. I had to firewall off Google's MXes for this exact reason: silent and not-so-silent email rejection when offered over IPv6. Every now and then they rotate their IP addresses, which causes mail to get dropped for a while. There is no other conclusion possible than that Gmail is actively anti-email at this point. I'm pretty sure I receive more spam from them than I send to them, despite forwarding all emails for a few family members' domains. I too have encountered this. This comes up on mailop periodically. It kind of makes me want to drop entries for the various gmail.com MXes in /etc/hosts, because while postfix gives me a way to override the one domain (say, gmail.com) it's whack-a-mole with the various gmail-hosted-domains. Bind9 has a filter- feature, but it doesn't quite work this way, easily, and of course it breaks DNSSEC. It's my opinion (not that of my employer, necessarily), that gmail is to email as old-school AOL is to the internet. And it's september. -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org ---
Re: Gmail (thus Nanog) rejecting ipv6 email
On 4/2/22 4:05 PM, John Curran wrote: On 2 Apr 2022, at 6:23 PM, Jeroen Massar via NANOG wrote: There are a lot of bits and bobs that one has to get right for mail to flow, amongst which: - IP -> PTR lookup -> that hostname lookup, and match to IP again (https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS) - SPF - DKIM - DMARC - ARC (for mailinglists) - SRS (When forwarding, rewrite the From and resign DKIM, and then ARC-sign that) - Decent TLS - MTA-STS Jeroen - It is indeed amazing how many protocols we can spin up to address the same underlying problem, time and time again... If anyone can anonymously join the mail-sending club and send some email [until bad reputation precludes such], and achieving bad reputation results has no real-world implications, and a new network persona (e.g. domain name) is always available, then the problem could be considered intractable by initial conditions – and no amount of anti-spam protocols (no matter how brilliantly designed and engineered) should be expected to durably address the problem. (It might, however, be interesting to do a regression analysis on the spam mitigation protocol introduction dates – it’d be interesting to know if the expected number protocols that will need proper setup in 10, 20, 40 years…!) That's why I wrote this: https://rip-van-webble.blogspot.com/2020/12/are-mailing-lists-toast.html Trust me, it wasn't for lack of trying on my part. Mike
Re: Gmail (thus Nanog) rejecting ipv6 email
On 4/2/22 3:56 PM, Jeroen Massar wrote: On 3 Apr 2022, at 00:29, Michael Thomas wrote: On 4/2/22 3:23 PM, Jeroen Massar via NANOG wrote: Hi Dan, Hope the rest of the world is treating you decently! There are a lot of bits and bobs that one has to get right for mail to flow, amongst which: - IP -> PTR lookup -> that hostname lookup, and match to IP again (https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS) - SPF - DKIM - DMARC - ARC (for mailinglists) Seriously spend zero time on ARC. It doesn't work as advertised... [snip, see below] Unless one works at the large ESPs, hard to tell what they really care about and verify. Google at least adds ARC headers in Gmail, and did the editing of RFC8617. ARC resolves into a previously unsolved problem: reputation. You could do reputation with plain old DKIM too, so I don't see why changing the name of the header changes anything on the ground. And nobody could give me an answer of why signing previous Authentication-Results is useful for toward that end. It's just more magical thinking. Thank goodness it's an experimental RFC so it can go the way of the dodo. Mike
Re: Gmail (thus Nanog) rejecting ipv6 email
On 2 Apr 2022, at 6:23 PM, Jeroen Massar via NANOG wrote: > There are a lot of bits and bobs that one has to get right for mail to flow, > amongst which: > > - IP -> PTR lookup -> that hostname lookup, and match to IP again > (https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS) > - SPF > - DKIM > - DMARC > - ARC (for mailinglists) > - SRS (When forwarding, rewrite the From and resign DKIM, and then ARC-sign > that) > - Decent TLS > - MTA-STS Jeroen - It is indeed amazing how many protocols we can spin up to address the same underlying problem, time and time again... If anyone can anonymously join the mail-sending club and send some email [until bad reputation precludes such], and achieving bad reputation results has no real-world implications, and a new network persona (e.g. domain name) is always available, then the problem could be considered intractable by initial conditions – and no amount of anti-spam protocols (no matter how brilliantly designed and engineered) should be expected to durably address the problem. (It might, however, be interesting to do a regression analysis on the spam mitigation protocol introduction dates – it’d be interesting to know if the expected number protocols that will need proper setup in 10, 20, 40 years…!) /John Disclaimer(s): my views alone. This email composed of 100% recycled electrons.
Re: Gmail (thus Nanog) rejecting ipv6 email
> On 3 Apr 2022, at 00:29, Michael Thomas wrote: > > > On 4/2/22 3:23 PM, Jeroen Massar via NANOG wrote: >> Hi Dan, >> >> Hope the rest of the world is treating you decently! >> >> There are a lot of bits and bobs that one has to get right for mail to flow, >> amongst which: >> >> - IP -> PTR lookup -> that hostname lookup, and match to IP again >>(https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS) >> - SPF >> - DKIM >> - DMARC >> - ARC (for mailinglists) > > Seriously spend zero time on ARC. It doesn't work as advertised... [snip, see > below] Unless one works at the large ESPs, hard to tell what they really care about and verify. Google at least adds ARC headers in Gmail, and did the editing of RFC8617. MS seems to do something with it: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide#how-microsoft-365-utilizes-authenticated-received-chain-arc and https://prodmarc.com/knowledge/authenticated-received-chain/ states: 8< Who has adopted ARC? Google has added ARC verification and sealing to their email services (Gmail, G Suite, and Google Groups). The popular Mailing List Manager (MLM) software Sympa incorporated ARC in v6.2.38, and ARC is being incorporated into the next release of the Mailman MLM – ARC configuration directives are already in the online documentation. The commercial MTAs Halon and MailerQ incorporate ARC, and the milters authentication_milter and OpenARC can be used to deploy ARC with the Postfix, Oracle Communications Messaging Server, and Sendmail MTAs. Several open-source libraries and modules are already available for those who need to integrate ARC functions into their systems. ->8 thus there is at least that for ARC. For one project that sends a rather decent amount of email, adopting DMARC/ARC and @via rewriting made all mail go through (at least all the google reception works), though there might be other factors at work: unless you work in the closed corp and on that project, impossible to know why your mail really gets rejected. > ... and is basically snake oil. Unfortunately it is April 3rd, so two days late, but you are thinking of another acronym: BIMI -- https://bimigroup.org Now, THAT is snakeoil, or well, a scam is more like it: if you can pay and they like you, you get a logo, anybody else is out... marketing companies of the world (and the once earning money for bits ala domains and worse EV SSL certs... rejoice) At least they are 'honest' about the scam: https://bimigroup.org/vmcs-arent-a-golden-ticket-for-bimi-logo-display/ but the big ones support it too https://support.google.com/a/answer/10911432?hl=en but https://bimigroup.org/bimi-generator/ BIMI record not found for gmail.com. BIMI record not found for google.com. BIMI record not found for yahoo.com. BIMI record not found for microsoft.com. Interesting as https://bimigroup.org/bimi-infographic/ claims they 'support' it... view only maybe? but from where? At least there is: BIMI record found for bimigroup.org, and is BIMI compliant v=BIMI1; l=https://bimigroup.org/bimi-sq.svg; a= https://bimigroup.org/bimi-sq.svg Oh well, 3rd of April, not the 1st... yet another Internet money printing thing... Greets, Jeroen
Re: Gmail (thus Nanog) rejecting ipv6 email
On 4/2/22 3:23 PM, Jeroen Massar via NANOG wrote: Hi Dan, Hope the rest of the world is treating you decently! There are a lot of bits and bobs that one has to get right for mail to flow, amongst which: - IP -> PTR lookup -> that hostname lookup, and match to IP again (https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS) - SPF - DKIM - DMARC - ARC (for mailinglists) Seriously spend zero time on ARC. It doesn't work as advertised and is basically snake oil. Mike
Re: Gmail (thus Nanog) rejecting ipv6 email
* d...@prime.gushi.org (Dan Mahoney (Gushi)) [Sun 03 Apr 2022, 00:11 CEST]: I've been seeing a long thread about why ipv6 adoption isn't there yet. This is half a "paging someone with clue" post and half a "...really, guys?" Picard-facepalm post. I just (earlier this week) had to disable ipv6 outbound on one of $dayjob's MX servers, because Gmail, who hosts nanog.org, was rejecting our mail due to "our domain's very low reputation". (In this parlance, "Very Low" is an actual indicative metric.) Dayjob is the people who make BIND and run a root DNS server. Totally disreputable, I'm sure. I don't see anything indicating this in our postmaster tools. I am certain this action is happening completely transparently and invisibly to NANOG, unless others have complained. Whatever UI google gives them to manage their domain will not show this. There are no logs they can grep. I'm told that "gmail's filters for ipv6 are way tighter than ipv4" but that's from a non-canonical source. If this is the case, it does very little to further ipv6 adoption, that's for sure. I've posted over on mailop, and was given a contact (Brandon), but haven't heard back. Gmail's a black box. I've reached out to a few other people, but if anyone here can loan a bat-phone, please let me know. I'm loathe to randomly re-enable ipv6 without contact from someone saying why this happened, and how it's been fixed. -Dan (Who actually operates my own network) I also run my own mail server. I had to firewall off Google's MXes for this exact reason: silent and not-so-silent email rejection when offered over IPv6. Every now and then they rotate their IP addresses, which causes mail to get dropped for a while. There is no other conclusion possible than that Gmail is actively anti-email at this point. I'm pretty sure I receive more spam from them than I send to them, despite forwarding all emails for a few family members' domains. -- Niels.
Re: Gmail (thus Nanog) rejecting ipv6 email
Hi Dan, Hope the rest of the world is treating you decently! There are a lot of bits and bobs that one has to get right for mail to flow, amongst which: - IP -> PTR lookup -> that hostname lookup, and match to IP again (https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS) - SPF - DKIM - DMARC - ARC (for mailinglists) - SRS (When forwarding, rewrite the From and resign DKIM, and then ARC-sign that) - Decent TLS - MTA-STS And that list grows and grows... and grows and grows. It is kinda a test if one has actually bothered to configure a setup, and not just are randomly sending an email by just telneting from a random server. Of course the large spam outfits have this fully automated and configured, so that their spam^Wadvertising comes through. A wee little test tells that there are a few improvements to be made at minimum: https://internet.nl/mail/isc.org/ • Not all authenticity marks against email phishing (DMARC, DKIM and SPF) • Failed :Mail server connection not or insufficiently secured (STARTTLS and DANE) Greets, Jeroen (who also runs his own full net... and had jeroen@isc for a few years... ;) )
Gmail (thus Nanog) rejecting ipv6 email
I've been seeing a long thread about why ipv6 adoption isn't there yet. This is half a "paging someone with clue" post and half a "...really, guys?" Picard-facepalm post. I just (earlier this week) had to disable ipv6 outbound on one of $dayjob's MX servers, because Gmail, who hosts nanog.org, was rejecting our mail due to "our domain's very low reputation". (In this parlance, "Very Low" is an actual indicative metric.) Dayjob is the people who make BIND and run a root DNS server. Totally disreputable, I'm sure. I don't see anything indicating this in our postmaster tools. I am certain this action is happening completely transparently and invisibly to NANOG, unless others have complained. Whatever UI google gives them to manage their domain will not show this. There are no logs they can grep. I'm told that "gmail's filters for ipv6 are way tighter than ipv4" but that's from a non-canonical source. If this is the case, it does very little to further ipv6 adoption, that's for sure. I've posted over on mailop, and was given a contact (Brandon), but haven't heard back. Gmail's a black box. I've reached out to a few other people, but if anyone here can loan a bat-phone, please let me know. I'm loathe to randomly re-enable ipv6 without contact from someone saying why this happened, and how it's been fixed. -Dan (Who actually operates my own network) -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org ---
Re: Gmail email blocking is off the rails (again)
On Wed, 4 Dec 2019 at 17:54, Constantine A. Murenin wrote: > > Again, these are not a user messages or regular list traffic, they're > admin/moderator messages addressed to an admin of a list. > > So, to clarify the OP issues here — you're using Gmail on your domain > (aka G Suite), and are also a Mailman administrator (on same or > different domain?), and are unable to properly use Mailmain, because > Gmail? > No. I'm a mailman administrator on some domain completely unrelated to google in any way, and google is rejecting admin email from said mailman instance to (so far) one list admin who has a gmail.com address.
Re: Gmail email blocking is off the rails (again)
"John Levine" writes: > Google accepts my mail just fine, including from my mailing lists. > Their goal is to make their users happy by accepting the mail the > users want and not the mail the users don't want. If we rule out asking the users for every mail, then that means applying statistics on empirical data. The problem is that smoothing the edges might throw away mail that the recipient care about, just because most other users didn't. Small players risk being blocked on the sole reason that they are too small to make any measurable number of gmail users want their mail. Bjørn
RE: Gmail email blocking is off the rails (again)
On Wednesday, 4 December, 2019 23:24, b...@theworld.com wrote: >But that's ok, the new masters of this universe will just charge both >ends for each and every email (perhaps a few included free with your >Hulu or Netflix subscription) and old timers will talk about how great >it was back in the old days when you could run lists like nanog for >roughly nothing tho I don't know where they'll talk about that. Somehow NetFlix has decided that my email address is "suddenly" invalid (the one that has been in continuous use since the mid-80's). Apparently the third-party that they use to send e-mail is a dirty spammer and thus has been blacklisted. I tried to tell then this, but no one at NetFlix seems to have a clue, and my clue-by-four has no one to hit over the head. I really do no care what the Masters of the Universe think. They can pry my mail server and domain from my cold dead fingers, and until then, they can shove themselves where the sun doesn't shine ... -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
Re: Gmail email blocking is off the rails (again)
25 years or so from now when the internet is basically a big CATV-like service someone will write a book about how "SPAM Ate The Internet". And a few other things, among them: Phase II: Ham Eats The Internet. Now that every marcom, billing, etc dept and their pet dog has figured out they can send almost unlimited email, billions of them, just about for free and if they have any sort of recognizable corporate identity they won't be challenged by intermediaries (end users might try) watch as you get 100, 500, 1000... emails/day from them collectively. Hey it was just *one* email/day...from each of the Fortune 1000, and their subsidiaries, and their agents, and... But that's ok, the new masters of this universe will just charge both ends for each and every email (perhaps a few included free with your Hulu or Netflix subscription) and old timers will talk about how great it was back in the old days when you could run lists like nanog for roughly nothing tho I don't know where they'll talk about that. -- -Barry Shein Software Tool & Die| b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
Re: Gmail email blocking is off the rails (again)
I own domains backed by gsuite/postini and they are awesomely spam free, and good. What I say here shouldn't be taken as saying I don't want that goodness. I also work in domains which routinely get mis-tagged as spammy by google, and that can include replying to google staffers. This isn't good. Understandable, faking flows into your own mail must be a big problem for big mail hosters, mainly doing mail for other people. Oddly, no other enterprise I deal with does this: Only google tags google staffers as spam, when they interact in GMail and G/Suite. It would help enormously if google told us A/B Black/White techniques for our own mail investments in GSuite, which are functionally able to do things, not just community curated hints. But, the "things you can do" feels more like "things you can try" Part of this, is the freemium levels in Google don't go to people. You have to pay google money to get people to talk to. The second part is that we want to believe the awesome, but most people you can talk to in Google are robots with scripts. I have had the great pleasure of speaking at a meeting, with Google staff present, showing a thing which is in some sense "something is wrong" and having them get up to the microphone queue and say "I fixed that" -And it is awesome but its not repeatable, its not sold as a product to everyone, its rare, and it actually hurts more than it helps: Privilege outcomes is why people mail NANOG asking for help. Its not service level, it drives to tweet storms about problems to get fixed. For instance, it isn't clear to me how adding addresses to your own address book does materially interact with spam tagging. I added all the google staffers I deal with, they are still spam boxed. This is one of the recommendations from some years back. Did it ever work? Is it "official" or just an idea? How do you tell? I fully expect the usual ASCII list of "your idea won't work because" but the quality I am trying to get to here, is that mail un-spam and un-filter and un-protect is basically now not just a heuristic, but an undocumented heuristic: we don't know the interactions of the moving parts, and when we ask about the moving parts, the answers feel like smirks. Who you are alters what kind of reply you get back. -George (posting from a g/suite free edition hosted domain btw)
Re: Gmail email blocking is off the rails (again)
On Wed, 4 Dec 2019 at 15:12, John Levine wrote: > > In article > you > write: > >Google still rejects email from my own domain name as outlined in a > >prior message on this list a month or two ago: > > Google accepts my mail just fine, including from my mailing lists. > Their goal is to make their users happy by accepting the mail the > users want and not the mail the users don't want. First they came for the communists, and I didn't speak out, because I was not a communist. … … I've recently noticed that a whole bunch of mailing list posts end up in the spam folder, too; from small personal domains without a _dmarc, for example, so, let's not brush it all under DMARC compliance, shall we? It's been getting worse in the recent months. The writing is on the wall that Google only cares about the corporate users now. They've already shutdown XMPP and Google Plus; yet the underlying products are still alive. > Perhaps it would be more productive to figure out in what ways your system > is different from others. It would also help to stop being coy and tell > us the actual IP addresses and domains that are having trouble so people > who might want to help can do so. This presumes that the issue is related to my static setup, but it's not. Last time around, several people contacted me offlist, and didn't find any issues with my setup either. Plus, as mentioned, I myself have never had any major issues with my mail being accepted by Gmail, either, before I started sending myself some cron output with some domain names they deem malicious. There were no other changes to the IP address or to the domain name on my side. Now here's a novel idea — instead of me having to publish the irrelevant details and doing crowdsourced troubleshooting, maybe Google should tell in their rejection messages the actual reason why they reject these emails, or provide such data on Postmaster Tools, instead of the folk having to resort to the random people on the internet trying to assemble and figure out the interoperability issues of the black box that Google Mail and G Suite are? P.S. For my own story, I disabled a whole bunch of cron tasks, and it seems like the "reputation" hit has subsided, but even after a month or so, it seems like it still hasn't healed completely. I'm still using alternative domains in MAIL FROM if the message has to get through, which still works as a workaround (still same IP and all). C.
Re: Gmail email blocking is off the rails (again)
On Wed, 4 Dec 2019 at 16:43, Matthew Pounsett wrote: > > > > On Wed, 4 Dec 2019 at 17:39, John R. Levine wrote: >> >> >> Or maybe users are tired of the useless monthly messages and report them >> as spam. > > > Again, these are not a user messages or regular list traffic, they're > admin/moderator messages addressed to an admin of a list. So, to clarify the OP issues here — you're using Gmail on your domain (aka G Suite), and are also a Mailman administrator (on same or different domain?), and are unable to properly use Mailmain, because Gmail? Is switching away from G Suite not an option? C.
Re: Gmail email blocking is off the rails (again)
On Wed, 4 Dec 2019 at 17:39, John R. Levine wrote: > > Or maybe users are tired of the useless monthly messages and report them > as spam. > Again, these are not a user messages or regular list traffic, they're admin/moderator messages addressed to an admin of a list. Your point about the possibility of spammers forging those is taken, but I don't see that as being anywhere remotely common enough to justify a 5xx error on attempted delivery of such a message.
Re: Gmail email blocking is off the rails (again)
Someone up-thread noted that my personal domain is hosted on google groups. I've noticed in the past that the behaviour of gmail.com can be very different from the behaviour of a paid mail domain like mine... Google says that every user's spam filtering is different. It's not just free vs. paid. Agreed that spam filtering today is a hard problem, and given Google's scale their problem with it is bigger than most others'. My assertion is that given how ubiquitous mailman's administrative messages are (as opposed to random list traffic), and given that those messages haven't changed in structure in aeons, it should be trivial for a company with Google's resources to not get false positives on those messages. Imagine if some spammer tried sending spam formatted like fake mailman admin messages hoping that the spam filters will let them through since they're obviously OK. Yes, spammers do that kind of stuff. Or maybe users are tired of the useless monthly messages and report them as spam. Regards, John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
Re: Gmail email blocking is off the rails (again)
On Wed, 4 Dec 2019 at 16:38, John R. Levine wrote: > > Though I agree that Gmail spam filtering is top grade, or close to be so, > > it still sends to spam a statistically significant number of emails from > > IETF and ICANN mailing lists I'm subscribed to. It depends as well on > > which account I should receive those emails. > > Yes, that's mostly the DMARC problem. We're painfully familiar with it. > In this case, the mail origin is DMARC signed, and Gmail accepts all other messages. It simply *appears* to be that they've decided the URLs in mailman's admin/moderator messages are suspicious enough to warrant outright rejection of the message, and not just labelling it as spam or suspicious in the recipient's mailbox. Someone up-thread noted that my personal domain is hosted on google groups. I've noticed in the past that the behaviour of gmail.com can be very different from the behaviour of a paid mail domain like mine... I've seen the same sorts of messages accepted by one and refused by the other on more than one occasion, and it's not always the same one being more strict or restrictive. > > While I understand and totally accept that there might be issues with the > > respective senders' configuration; with mailing lists at least, spam > > filtering is more of a duty of the mailing list admins. ... > > One day I asked a guy at Google why they don't just whitelist incoming > mailing list mail, since they clearly have a good idea where the list > hosts are. He said that legit lists send spam (actual ugly spam, not > filter errors) all the time, either because a subscriber's account is > compromised or the list itself is compromised. Accurate filtering is > remarkably complicated. > Agreed that spam filtering today is a hard problem, and given Google's scale their problem with it is bigger than most others'. My assertion is that given how ubiquitous mailman's administrative messages are (as opposed to random list traffic), and given that those messages haven't changed in structure in aeons, it should be trivial for a company with Google's resources to not get false positives on those messages. Their heuristics and learning algorithms should be primed with a ton of samples of such messages to inform their decision making, if not to outright whitelist them.
Re: Gmail email blocking is off the rails (again)
Though I agree that Gmail spam filtering is top grade, or close to be so, it still sends to spam a statistically significant number of emails from IETF and ICANN mailing lists I'm subscribed to. It depends as well on which account I should receive those emails. Yes, that's mostly the DMARC problem. We're painfully familiar with it. While I understand and totally accept that there might be issues with the respective senders' configuration; with mailing lists at least, spam filtering is more of a duty of the mailing list admins. ... One day I asked a guy at Google why they don't just whitelist incoming mailing list mail, since they clearly have a good idea where the list hosts are. He said that legit lists send spam (actual ugly spam, not filter errors) all the time, either because a subscriber's account is compromised or the list itself is compromised. Accurate filtering is remarkably complicated. Regards, John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
Re: Gmail email blocking is off the rails (again)
Peace, Though I agree that Gmail spam filtering is top grade, or close to be so, it still sends to spam a statistically significant number of emails from IETF and ICANN mailing lists I'm subscribed to. It depends as well on which account I should receive those emails. While I understand and totally accept that there might be issues with the respective senders' configuration; with mailing lists at least, spam filtering is more of a duty of the mailing list admins. Therefore, it is correct that certain work around the current system is still necessary, and there are edge cases which might cause uncertainty on the sender's side. -- Töma On Thu, Dec 5, 2019, 12:13 AM John Levine wrote: > In article < > capkknb537o5c_fqjh7ucwsf_4usk3euhcjdkdv-zjlu8ek1...@mail.gmail.com> you > write: > >Google still rejects email from my own domain name as outlined in a > >prior message on this list a month or two ago: > > Google accepts my mail just fine, including from my mailing lists. > Their goal is to make their users happy by accepting the mail the > users want and not the mail the users don't want. > > Perhaps it would be more productive to figure out in what ways your system > is different from others. It would also help to stop being coy and tell > us the actual IP addresses and domains that are having trouble so people > who might want to help can do so. > > > > -- > Regards, > John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for > Dummies", > Please consider the environment before reading this e-mail. https://jl.ly >
Re: Gmail email blocking is off the rails (again)
In article you write: >Google still rejects email from my own domain name as outlined in a >prior message on this list a month or two ago: Google accepts my mail just fine, including from my mailing lists. Their goal is to make their users happy by accepting the mail the users want and not the mail the users don't want. Perhaps it would be more productive to figure out in what ways your system is different from others. It would also help to stop being coy and tell us the actual IP addresses and domains that are having trouble so people who might want to help can do so. -- Regards, John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
Re: Gmail email blocking is off the rails (again)
I think at this point we should upgrade the classification of this issue from being Spam-filter-related to being a fundamental interoperability issue of Google Mail and G Suite with regards to email and SMTP. Google has a monopoly on corporate email nowadays (even OPs own domain name is still handled by Gmail). Google still "officially" supports incoming SMTP, but they've otherwise made it non-interoperable with a whole bunch of the operators. Google still rejects email from my own domain name as outlined in a prior message on this list a month or two ago: * https://mailman.nanog.org/pipermail/nanog/2019-October/103817.html Since I am able to receive email from Gmail, but not able to send it back, I'm thinking of implementing my own handling of incoming SMTP unique and specific to Gmail / G Suite — anytime anyone tries to send me email from Gmail / G Suite, I'll accept the message, but instead of providing a 2.0.0 confirmation at the end of the message body, will instead provide a 5.0.0 DSN with an error message explaining to the sender that I won't be able to reply back to them due to the interoperability issues of Google Mail / G Suite on their side. What other choice do I have? I just don't see any other way on how to proceed otherwise. It's especially annoying if you're using a certain platform to communicate with someone (which automatically takes care of the notifications and has its own email gateway), and then they switch the conversation to direct email, but then you're no longer able to reply to their communication. C. > Cute way to promote Google Groups over Mailman. Gotta give 'em credit > for being creative :-) > > > For some reason Gmail has started blocking mailman administrative > > emails to someone who's an admin on a list I host. Their SMTP 552 > > error message points to > > <https://support.google.com/mail/?p=BlockedMessage>, which implies the > > "problem" is the URLs in the email, but is otherwise completely unhelpful. > > > > If anyone here has any pull with Gmail postmasters, could you please > > suggest to them that they whitelist messages that are as consistent > > and well-known as mailman's admin and moderator messages?
Re: Gmail email blocking is off the rails (again)
On 04/12/2019 05:04, Matthew Pounsett wrote: Cute way to promote Google Groups over Mailman. Gotta give 'em credit for being creative :-) -Hank For some reason Gmail has started blocking mailman administrative emails to someone who's an admin on a list I host. Their SMTP 552 error message points to <https://support.google.com/mail/?p=BlockedMessage>, which implies the "problem" is the URLs in the email, but is otherwise completely unhelpful. If anyone here has any pull with Gmail postmasters, could you please suggest to them that they whitelist messages that are as consistent and well-known as mailman's admin and moderator messages?
Re: Gmail email blocking is off the rails (again)
You might have better luck emailing the mailops list. On Tue, Dec 3, 2019, 10:06 PM Matthew Pounsett wrote: > > For some reason Gmail has started blocking mailman administrative emails > to someone who's an admin on a list I host. Their SMTP 552 error message > points to <https://support.google.com/mail/?p=BlockedMessage>, which > implies the "problem" is the URLs in the email, but is otherwise completely > unhelpful. > > If anyone here has any pull with Gmail postmasters, could you please > suggest to them that they whitelist messages that are as consistent and > well-known as mailman's admin and moderator messages? > > >
Gmail email blocking is off the rails (again)
For some reason Gmail has started blocking mailman administrative emails to someone who's an admin on a list I host. Their SMTP 552 error message points to <https://support.google.com/mail/?p=BlockedMessage>, which implies the "problem" is the URLs in the email, but is otherwise completely unhelpful. If anyone here has any pull with Gmail postmasters, could you please suggest to them that they whitelist messages that are as consistent and well-known as mailman's admin and moderator messages?
Google/GMail contact
Looking for a Google/GMail contact, off-list. Eric
Re: Any Gmail Admins on here?
Expired certificate, confirmation email delivered in SPAM. I agree that it looks phishy even if it's probably not. When you read the email In gmail, you can click on the 3 little dots, which will expand a menu and then on "Show original" You should see 3 important email attributes for helping providers in flagging SPAM, which are SPF, DKIM and DMARC. If you don't see all of the 3, there is a big chance that gmail will flag as SPAM. SPF: PASS with IP 2600::25 Learn more <https://support.google.com/a/answer/33786?hl=en> DKIM: 'PASS' with domain example.com Learn more <https://support.google.com/a/answer/174124?hl=en> DMARC: 'PASS' Learn more <https://support.google.com/a/answer/2466580?hl=en> Does the email have all of the 3 or only some or none? Jean On 10/27/18 11:38 AM, Jeremy Parr wrote: Not only that, but I just tried signing up, and the confirmation email was marked as spam by GMail. Does not inspire confidence. On Thu, Oct 25, 2018 at 1:26 PM Harald Koch <mailto:c...@pobox.com>> wrote: chilli.nosignal.org <http://chilli.nosignal.org> has an SSL certificate that expired in *July*. -- Harald On Thu, 25 Oct 2018 at 12:48, Mike Hammett mailto:na...@ics-il.net>> wrote: https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop - Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> *From: *"Art Plato" mailto:apl...@coldwater.org>> *To: *"nanog" mailto:nanog@nanog.org>> *Sent: *Thursday, October 25, 2018 11:39:36 AM *Subject: *Any Gmail Admins on here? I apologize for putting this out in this forum but I have attempted to reach Google/Gmail for several weeks with no response. Their servers have flagged my domain with bad reputation even thought he stats say no spam has been sent from my domain for the past several months that I can see. Please PM me if you are out there. Thanks, Art Plato
Re: Any Gmail Admins on here?
Not only that, but I just tried signing up, and the confirmation email was marked as spam by GMail. Does not inspire confidence. On Thu, Oct 25, 2018 at 1:26 PM Harald Koch wrote: > chilli.nosignal.org has an SSL certificate that expired in *July*. > > -- > Harald > > > On Thu, 25 Oct 2018 at 12:48, Mike Hammett wrote: > >> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >> >> >> >> - >> Mike Hammett >> Intelligent Computing Solutions <http://www.ics-il.com/> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> Midwest Internet Exchange <http://www.midwest-ix.com/> >> <https://www.facebook.com/mdwestix> >> <https://www.linkedin.com/company/midwest-internet-exchange> >> <https://twitter.com/mdwestix> >> The Brothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >> -- >> *From: *"Art Plato" >> *To: *"nanog" >> *Sent: *Thursday, October 25, 2018 11:39:36 AM >> *Subject: *Any Gmail Admins on here? >> >> I apologize for putting this out in this forum but I have attempted to >> reach Google/Gmail for several weeks with no response. Their servers have >> flagged my domain with bad reputation even thought he stats say no spam has >> been sent from my domain for the past several months that I can see. Please >> PM me if you are out there. >> >> Thanks, >> Art Plato >> >> >>
Re: Any Gmail Admins on here?
As has been pointed out on the outages ML repeatedly. On October 25, 2018 10:23:25 AM PDT, Harald Koch wrote: >chilli.nosignal.org has an SSL certificate that expired in *July*. > >-- >Harald > > >On Thu, 25 Oct 2018 at 12:48, Mike Hammett wrote: > >> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >> >> >> >> - >> Mike Hammett >> Intelligent Computing Solutions <http://www.ics-il.com/> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> Midwest Internet Exchange <http://www.midwest-ix.com/> >> <https://www.facebook.com/mdwestix> >> <https://www.linkedin.com/company/midwest-internet-exchange> >> <https://twitter.com/mdwestix> >> The Brothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >> -- >> *From: *"Art Plato" >> *To: *"nanog" >> *Sent: *Thursday, October 25, 2018 11:39:36 AM >> *Subject: *Any Gmail Admins on here? >> >> I apologize for putting this out in this forum but I have attempted >to >> reach Google/Gmail for several weeks with no response. Their servers >have >> flagged my domain with bad reputation even thought he stats say no >spam has >> been sent from my domain for the past several months that I can see. >Please >> PM me if you are out there. >> >> Thanks, >> Art Plato >> >> >> -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: Any Gmail Admins on here?
I tried telling them as well at the listed admin address of mailman, good luck! sendmail[6318]: w9PH8TE05888: to=mail...@chilli.default.andyd.uk0.bigv.io, ctladdr=andreas (111/200), delay=00:26:38, xdelay=00:00:03, mailer=esmtp, pri=302235, relay=chilli.default.andyd.uk0.bigv.io. [213.138.100.131], dsn=4.3.0, stat=Deferred: 451 Temporary local problem - please try later On Thu, Oct 25, 2018 at 10:27 AM Harald Koch wrote: > chilli.nosignal.org has an SSL certificate that expired in *July*. > > -- > Harald > > > On Thu, 25 Oct 2018 at 12:48, Mike Hammett wrote: > >> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >> >> >> >> - >> Mike Hammett >> Intelligent Computing Solutions <http://www.ics-il.com/> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> Midwest Internet Exchange <http://www.midwest-ix.com/> >> <https://www.facebook.com/mdwestix> >> <https://www.linkedin.com/company/midwest-internet-exchange> >> <https://twitter.com/mdwestix> >> The Brothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >> -- >> *From: *"Art Plato" >> *To: *"nanog" >> *Sent: *Thursday, October 25, 2018 11:39:36 AM >> *Subject: *Any Gmail Admins on here? >> >> I apologize for putting this out in this forum but I have attempted to >> reach Google/Gmail for several weeks with no response. Their servers have >> flagged my domain with bad reputation even thought he stats say no spam has >> been sent from my domain for the past several months that I can see. Please >> PM me if you are out there. >> >> Thanks, >> Art Plato >> >> >>
Re: Any Gmail Admins on here?
chilli.nosignal.org has an SSL certificate that expired in *July*. -- Harald On Thu, 25 Oct 2018 at 12:48, Mike Hammett wrote: > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > > > - > Mike Hammett > Intelligent Computing Solutions <http://www.ics-il.com/> > <https://www.facebook.com/ICSIL> > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> > <https://www.linkedin.com/company/intelligent-computing-solutions> > <https://twitter.com/ICSIL> > Midwest Internet Exchange <http://www.midwest-ix.com/> > <https://www.facebook.com/mdwestix> > <https://www.linkedin.com/company/midwest-internet-exchange> > <https://twitter.com/mdwestix> > The Brothers WISP <http://www.thebrotherswisp.com/> > <https://www.facebook.com/thebrotherswisp> > <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > -- > *From: *"Art Plato" > *To: *"nanog" > *Sent: *Thursday, October 25, 2018 11:39:36 AM > *Subject: *Any Gmail Admins on here? > > I apologize for putting this out in this forum but I have attempted to > reach Google/Gmail for several weeks with no response. Their servers have > flagged my domain with bad reputation even thought he stats say no spam has > been sent from my domain for the past several months that I can see. Please > PM me if you are out there. > > Thanks, > Art Plato > > >
Re: Any Gmail Admins on here?
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Art Plato" To: "nanog" Sent: Thursday, October 25, 2018 11:39:36 AM Subject: Any Gmail Admins on here? I apologize for putting this out in this forum but I have attempted to reach Google/Gmail for several weeks with no response. Their servers have flagged my domain with bad reputation even thought he stats say no spam has been sent from my domain for the past several months that I can see. Please PM me if you are out there. Thanks, Art Plato
Any Gmail Admins on here?
I apologize for putting this out in this forum but I have attempted to reach Google/Gmail for several weeks with no response. Their servers have flagged my domain with bad reputation even thought he stats say no spam has been sent from my domain for the past several months that I can see. Please PM me if you are out there. Thanks, Art Plato
Gmail admin
Is there a gmail admin that can contact me offlist? Thanks much.
Gmail security contact off list
Can someone from Gmail security contact me off list. Pardon the interruption EKG
Re: Google / GMail Geolocation
Yes, I believe I have tried that form at some point in the past but nothing came of it last time - I'll submit it for this instance as well. On Thu, Mar 15, 2018 at 3:56 PM Yury Shefer wrote: > Have you tried to contact G through the following form? > https://support.google.com/websearch/contact/ip > > > On Thu, Mar 15, 2018 at 4:35 AM, Harry Reeder > wrote: > >> Hi Folks, >> >> Wondering if anyone has a contact at Google who can help - I've a customer >> who's attempted to log in from one of our IPs (which comes from one of >> Cogent's /16 blocks) however they get an automated email response from >> Google saying that they're logging in from Hong Kong, and the login was >> prevented for security reasons (as someone may have their password). For >> reference, the whois response shows Washington DC, and refers to Cogent's >> rwhois which places us correctly at Telehouse London. Tools like Maxmind >> also have our location correct. >> >> Is there somewhere I can go to get this corrected for our leased IP >> ranges? >> (I am aware that the long term solution is to get our own IP space - I am >> working on that, I just don't have enough of a business case yet) >> >> Off-list replies also welcome. >> >> Thanks >> Harry >> > >
Re: Google / GMail Geolocation
Have you tried to contact G through the following form? https://support.google.com/websearch/contact/ip On Thu, Mar 15, 2018 at 4:35 AM, Harry Reeder wrote: > Hi Folks, > > Wondering if anyone has a contact at Google who can help - I've a customer > who's attempted to log in from one of our IPs (which comes from one of > Cogent's /16 blocks) however they get an automated email response from > Google saying that they're logging in from Hong Kong, and the login was > prevented for security reasons (as someone may have their password). For > reference, the whois response shows Washington DC, and refers to Cogent's > rwhois which places us correctly at Telehouse London. Tools like Maxmind > also have our location correct. > > Is there somewhere I can go to get this corrected for our leased IP ranges? > (I am aware that the long term solution is to get our own IP space - I am > working on that, I just don't have enough of a business case yet) > > Off-list replies also welcome. > > Thanks > Harry >
Google / GMail Geolocation
Hi Folks, Wondering if anyone has a contact at Google who can help - I've a customer who's attempted to log in from one of our IPs (which comes from one of Cogent's /16 blocks) however they get an automated email response from Google saying that they're logging in from Hong Kong, and the login was prevented for security reasons (as someone may have their password). For reference, the whois response shows Washington DC, and refers to Cogent's rwhois which places us correctly at Telehouse London. Tools like Maxmind also have our location correct. Is there somewhere I can go to get this corrected for our leased IP ranges? (I am aware that the long term solution is to get our own IP space - I am working on that, I just don't have enough of a business case yet) Off-list replies also welcome. Thanks Harry
gmail contact?
Y'all -- Who would I talk to about a gmail server that's apparently on one of the various sorbs lists? Ping me on my personal email -- r...@riw.us. :-) Russ
Gmail or GAFYD SREs on the list?
Folks, Do we have any SREs from the Gmail or Google Apps For Your Domain teams on the list? I’m helping to support some domains related to the Network Time Foundation and NTP.org, and we’re having some problems with IPv6 connectivity to them. Thanks! -- Brad Knowles signature.asc Description: Message signed with OpenPGP using GPGMail
Re: Gmail failure recently?
Hi Hank, I'm user of Gmail with this account but I don't see any issue, the service is normal from my point of view. Kind regards, Marco Paesani Skype: mpaesani Mobile: +39 348 6019349 Success depends on the right choice ! Email: ma...@paesani.it 2016-11-15 7:35 GMT+01:00 Hank Nussbacher : > I woke today to find that all my Inbox items from May 1-Nov 15, 2016 > were missing. All other folders are intact. Missing emails are not in > Spam, Trash, Archive or auto-fwded. Did pswd reset and have initiated a > request to restore the missing emails, but am wondering whether others > have experienced some sort of Gmail failure in the past 8 hours. > > Thanks, > Hank >
Gmail failure recently?
I woke today to find that all my Inbox items from May 1-Nov 15, 2016 were missing. All other folders are intact. Missing emails are not in Spam, Trash, Archive or auto-fwded. Did pswd reset and have initiated a request to restore the missing emails, but am wondering whether others have experienced some sort of Gmail failure in the past 8 hours. Thanks, Hank
Re: Why the internal network delays, Gmail?
On Sat, Aug 27, 2016 at 11:24 AM, wrote: > > And apparently you need to know the secret handshake to get on. I was able to sign-up yesterday, I even saw John's mail about your insecure error. I don't know why I didn't sign up before, my work ITIL is Messaging Manager. -- Joe Hamelin, W7COM, Tulalip, WA, +1 (360) 474-7474
Re: Why the internal network delays, Gmail?
On Sat, Aug 27, 2016 at 01:25:42AM -, John Levine wrote: > In article > you > write: > >I was working within the limits of what I had available. > > Here's the subscription page for mailop. It's got about as odd > a mix of people as nanog, ranging from people with single user linux > machines to people who run some of the largest mail systems in > the world, including Gmail: > > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop I know they're mailops, and not tlsops, but surely presenting a cert that didn't expire six months ago isn't beyond the site admin's capabilities? - Matt
Re: Why the internal network delays, Gmail?
Thanks for all the feedback related and unrelated to the problem. I'm aware of many available troubleshooting tools and considered this one of them, but I've been shown that this, albeit appropriate, forum, was not a good choice to solicit technical assistance. I consider the matter closed. -- Sent from a phone. Please excuse the brevity of this message and any typographical errors. On Aug 27, 2016 11:17, wrote: > Hi, > > > I was working within the limits of what I had available. > > Google offer several trouble shooting tools for their service too, > you might want to look at their toolbox eg > > https://toolbox.googleapps.com/apps/messageheader/ > > (part of their 'why is my email slow to deliver?' process) > > alan >
Re: Why the internal network delays, Gmail?
On Sat, 27 Aug 2016 10:34:36 -, Mel Beckman said: > But mailop doesn't have the same odd mix of people as nanog. For example, I'm > not on mailop. :) And apparently you need to know the secret handshake to get on. After Chrome complained the SSL cert on the subscription page had expired 6 months ago, the site tells me I can't subscribe: Your subscription is not allowed because the email address you gave is insecure. Yay, team? pgpL5su8acUOf.pgp Description: PGP signature
Re: Why the internal network delays, Gmail?
Hi, > I was working within the limits of what I had available. Google offer several trouble shooting tools for their service too, you might want to look at their toolbox eg https://toolbox.googleapps.com/apps/messageheader/ (part of their 'why is my email slow to deliver?' process) alan
Re: Why the internal network delays, Gmail?
Hi, > administrator reaching out to peers for assistance with a particular > problem that is clearly network related is inappropriate for a network clearly network related? people have an interesting expectation of email - expecting instant delivery. you might check their level of expectationthe SLA etc define service availability but email delivery is pretty much 'best efforts of all parties involved in the transaction' - ideally it gets there quickly...but it could take up to 72 hours. google have several status dashboards that you can check/monitor. generally, if you have an issue with a particular service on the internet, contact them directly. dont use a 3rd party mail list - they *might* be aroudn on it but its not their official service desk contact point ;-) alan
Re: Why the internal network delays, Gmail?
John, But mailop doesn't have the same odd mix of people as nanog. For example, I'm not on mailop. :) In any event, Nate specifically asked if other nanogers were seeing similar symptoms, which is an entirely appropriate use of this list. -mel On Aug 26, 2016, at 9:26 PM, John Levine mailto:jo...@iecc.com>> wrote: In article mailto:caltoqtqkfeadxnr1+4yzydoyuwebg_+qyaq7ubhxtmv0jcn...@mail.gmail.com>> you write: I was working within the limits of what I had available. Here's the subscription page for mailop. It's got about as odd a mix of people as nanog, ranging from people with single user linux machines to people who run some of the largest mail systems in the world, including Gmail: https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop R's, John
Re: Why the internal network delays, Gmail?
Im thankful Nate posted. Gmail isnt a small system that affects only a small percentage of people worldwide, and therefore a perfect candidate for a mail- specific list that many (and many nanoggers like me) arent part of, for lack of additional bandwidth in life. However, gmail not working (similar to 8.8.8.8/.4.4 or 4.2.2.2 not working) shouldnt be on a mail-only or dns-only ops list im not part of: when 8.8.8.8 doesnt work, the complaints appear as "is there a power failure at your datacentre?" to "my website is down!" - same deal with gmail, it's that big. While I cant say exactly what that cutoff line is for mail and dns issues being postable to nanog or not, I definitely know gmail is pretty much the top of the pile (for now). Thanks Nate! /kc On Fri, Aug 26, 2016 at 05:31:59PM -0600, Nate Metheny said: >I was working within the limits of what I had available. > >I apologize if people on the list consider a network and systems >administrator reaching out to peers for assistance with a particular >problem that is clearly network related is inappropriate for a network >operations group list that may or may not have Google or Google affiliated >employees or contractors on it. > >I will use more discretion in the future. > >-- >Sent from a phone. Please excuse the brevity of this message and any >typographical errors. > >On Aug 26, 2016 17:18, "Mark Foster" wrote: > >> Hi Mel, There's another mailing list called 'mailop' which is probably >> more appropriate for email related problems, than NANOG. >> >> And in response to Nate: >> >> I was in contact with Google and after some convincing and detailed header >>> information, they acknowledged that they are having internal MX issues and >>> assure me that they will deal with the issue promptly. >>> >>> Initially they did not even acknowledge that there was a problem, so it >>> took several tiers of support people to finally see the issue. >>> >>> I look forward to the ongoing exchanges on the list. >>> >> >> Useful to know, but John is right - as cited, working through Google's >> support process, got somewhere. >> Further exchanges on NANOG are probably inappropriate. A group like >> 'mailop' probably has a higher care factor, however. >> >> (I would also note that email delays that are demonstratably outside of >> your network (as headers will show) are very easily painted as something >> beyond your control, and the nature of email is very much 'best effort', so >> anyone playing the blame game needs a reality check. Just because email >> exchanges 'are often' near-instantaneous, does not mean they always will >> be.) >> >> >> Mark. >> >> >> >> On 27/08/2016 8:53 a.m., Mel Beckman wrote: >> >>> John, >>> >>> With all due respect, it's S.O.P. for Nanogen to ask the list if anyone >>> else is experiencing a particular problem with some carrier or another. So >>> Nate's question is totally appropriate for this list. I know I've solved >>> several problems by airing them here and getting insight from other list >>> members. >>> >>> -mel beckman >>> >>> *snip* >> -- Ken Chase - m...@sizone.org Toronto Canada
Re: Why the internal network delays, Gmail?
In article you write: >I was working within the limits of what I had available. Here's the subscription page for mailop. It's got about as odd a mix of people as nanog, ranging from people with single user linux machines to people who run some of the largest mail systems in the world, including Gmail: https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop R's, John
Re: Why the internal network delays, Gmail?
I was working within the limits of what I had available. I apologize if people on the list consider a network and systems administrator reaching out to peers for assistance with a particular problem that is clearly network related is inappropriate for a network operations group list that may or may not have Google or Google affiliated employees or contractors on it. I will use more discretion in the future. -- Sent from a phone. Please excuse the brevity of this message and any typographical errors. On Aug 26, 2016 17:18, "Mark Foster" wrote: > Hi Mel, There's another mailing list called 'mailop' which is probably > more appropriate for email related problems, than NANOG. > > And in response to Nate: > > I was in contact with Google and after some convincing and detailed header >> information, they acknowledged that they are having internal MX issues and >> assure me that they will deal with the issue promptly. >> >> Initially they did not even acknowledge that there was a problem, so it >> took several tiers of support people to finally see the issue. >> >> I look forward to the ongoing exchanges on the list. >> > > Useful to know, but John is right - as cited, working through Google's > support process, got somewhere. > Further exchanges on NANOG are probably inappropriate. A group like > 'mailop' probably has a higher care factor, however. > > (I would also note that email delays that are demonstratably outside of > your network (as headers will show) are very easily painted as something > beyond your control, and the nature of email is very much 'best effort', so > anyone playing the blame game needs a reality check. Just because email > exchanges 'are often' near-instantaneous, does not mean they always will > be.) > > > Mark. > > > > On 27/08/2016 8:53 a.m., Mel Beckman wrote: > >> John, >> >> With all due respect, it's S.O.P. for Nanogen to ask the list if anyone >> else is experiencing a particular problem with some carrier or another. So >> Nate's question is totally appropriate for this list. I know I've solved >> several problems by airing them here and getting insight from other list >> members. >> >> -mel beckman >> >> *snip* >
Re: Why the internal network delays, Gmail?
Hi Mel, There's another mailing list called 'mailop' which is probably more appropriate for email related problems, than NANOG. And in response to Nate: I was in contact with Google and after some convincing and detailed header information, they acknowledged that they are having internal MX issues and assure me that they will deal with the issue promptly. Initially they did not even acknowledge that there was a problem, so it took several tiers of support people to finally see the issue. I look forward to the ongoing exchanges on the list. Useful to know, but John is right - as cited, working through Google's support process, got somewhere. Further exchanges on NANOG are probably inappropriate. A group like 'mailop' probably has a higher care factor, however. (I would also note that email delays that are demonstratably outside of your network (as headers will show) are very easily painted as something beyond your control, and the nature of email is very much 'best effort', so anyone playing the blame game needs a reality check. Just because email exchanges 'are often' near-instantaneous, does not mean they always will be.) Mark. On 27/08/2016 8:53 a.m., Mel Beckman wrote: John, With all due respect, it's S.O.P. for Nanogen to ask the list if anyone else is experiencing a particular problem with some carrier or another. So Nate's question is totally appropriate for this list. I know I've solved several problems by airing them here and getting insight from other list members. -mel beckman *snip*
Re: Why the internal network delays, Gmail?
John, With all due respect, it's S.O.P. for Nanogen to ask the list if anyone else is experiencing a particular problem with some carrier or another. So Nate's question is totally appropriate for this list. I know I've solved several problems by airing them here and getting insight from other list members. -mel beckman > On Aug 26, 2016, at 4:13 PM, John Levine wrote: > > In article > you > write: >> Help (and hi)! >> >> I work in higher education and we've been experiencing problems with Google >> delaying or queuing email for delivery to our domain. > > This is a question for Google, not for nanog. Only they know how their > network > is set up and how their mail servers are managed. > > R's, > John > > PS: Also keep in mind that sometimes free services are worth what you pay for > them. >
Re: Why the internal network delays, Gmail?
Thanks, John. I was in contact with Google and after some convincing and detailed header information, they acknowledged that they are having internal MX issues and assure me that they will deal with the issue promptly. Initially they did not even acknowledge that there was a problem, so it took several tiers of support people to finally see the issue. I look forward to the ongoing exchanges on the list. On Fri, Aug 26, 2016 at 2:45 PM, Nate Metheny wrote: > Thanks, John. > > I was in contact with Google and after some convincing and detailed header > information, they acknowledged that they are having internal MX issues and > assure me that they will deal with the issue promptly. > > Initially they did not even acknowledge that there was a problem, so it > took several tiers of support people to finally see the issue. > > I look forward to the ongoing exchanges on the list. > > On Fri, Aug 26, 2016 at 2:12 PM, John Levine wrote: > >> In article > gmail.com> you write: >> >Help (and hi)! >> > >> >I work in higher education and we've been experiencing problems with >> Google >> >delaying or queuing email for delivery to our domain. >> >> This is a question for Google, not for nanog. Only they know how their >> network >> is set up and how their mail servers are managed. >> >> R's, >> John >> >> PS: Also keep in mind that sometimes free services are worth what you pay >> for them. >> >> > > > -- > > Nate Metheny > natemeth...@gmail.com > -- Nate Metheny natemeth...@gmail.com
Re: Why the internal network delays, Gmail?
In article you write: >Help (and hi)! > >I work in higher education and we've been experiencing problems with Google >delaying or queuing email for delivery to our domain. This is a question for Google, not for nanog. Only they know how their network is set up and how their mail servers are managed. R's, John PS: Also keep in mind that sometimes free services are worth what you pay for them.
Why the internal network delays, Gmail?
Help (and hi)! I work in higher education and we've been experiencing problems with Google delaying or queuing email for delivery to our domain. Here's some truncated email headers: ** Example 1: X-Received: by 10.237.55.65 with SMTP id i59mr10986018qtb.62.1472137448952; Thu, 25 Aug 2016 08:04:08 -0700 (PDT) Received: by mail-qt0-f175.google.com with SMTP id u25so27419242qtb.1 for <@***>; Thu, 25 Aug 2016 12:05:46 -0700 (PDT) ** Example 2: X-Received: by 10.36.1.75 with SMTP id 72mr5275579itk.40.1472130531887; Thu, 25 Aug 2016 06:08:51 -0700 (PDT) Received: by mail-it0-f48.google.com with SMTP id x131so289116132ite.0 for <@***>; Thu, 25 Aug 2016 11:50:42 -0700 (PDT) In both of these examples, these emails haven't even left Google's internal network yet; I'm getting blamed for these delays, however there is no delay in receiving these emails after they leave Google's network. Are other people having this same problem? I've tested delivery to my network from many outside sources and all SMTP requests go through without delay; this issue seems be exclusive to Google-hosted and Gmail accounts and domains. -- Nate n...@dopedesign.com
Re: Gmail down
saw it down as well. came back for me in < 5 minutes. On Tue, Jul 5, 2016 at 10:49 AM, Josh Luthman wrote: > Web interface is broken, downdetector sure sees activity. This attempt is > from mobile. > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 >
Re: Gmail down
All good in Houghton, MI [image: Inline image 1] Matt Freitag Network Engineer I Information Technology Michigan Technological University (906) 487-3696 <%28906%29%20487-3696> https://www.mtu.edu/ https://www.it.mtu.edu/ On Tue, Jul 5, 2016 at 11:33 AM, Josh Luthman wrote: > I believe that only checks for an HTTP response, which would have responded > successfully. Not relevant to the issue. > > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > On Tue, Jul 5, 2016 at 11:18 AM, John Peach > wrote: > > > https://downforeveryoneorjustme.com/gmail.com > > > > > > On Tue, 5 Jul 2016 10:49:31 -0400 > > Josh Luthman wrote: > > > > > Web interface is broken, downdetector sure sees activity. This > > > attempt is from mobile. > > > > > > Josh Luthman > > > Office: 937-552-2340 > > > Direct: 937-552-2343 > > > 1100 Wayne St > > > Suite 1337 > > > Troy, OH 45373 > > > > >
