Re: [mailop] SPF alignment when sending from G Suite

On Fri, 11 Oct 2024, Scott Q. wrote: if you don't mind me asking, when you say: which makes it easy for any of their customers to SPF spoof any other customer. you mean the header or the envelope from ? Afaik, the envelope from is (should be!) tied to the authenticated user Indeed it should

Re: [mailop] Mailserver software

On Wed, 17 Jul 2024, Eric Tykwinski wrote: My guess would be iCloud Private Relay is turned on... https://support.apple.com/guide/icloud/icloud-private-relay-mm8010d8daf3/icloud Interesting thought but the docs appear to say it just does web traffic. I'm not inclined to set up an icloud+ accou

Re: [mailop] Domains discrimination

On Wed, 10 Jul 2024, Raymond Dijkxhoorn wrote: There is a specific gang using these domains. Can give hundreds as an example over the last few months. They should be super easy to terminate yet nothing is happening… It's hard to believe there is enough legit use of sa.com to be worth the hass

Re: [mailop] drunks and lampposts, Contact Qualtrics

On Fri, 5 Jul 2024, Tobias Fiebig wrote: I think we had that discussion as well today; Something about me claiming that sending mails looking that much like phishing actually trains people to not question all the other funny mails coming in; I think that is why I said 'this is going to my "this i

Re: [mailop] Debugging fwd issue meta.com to zoho.com (Help from user under meta.com needed)

On Wed, 5 Jun 2024, Tobias Fiebig wrote: If you're not sending SMTPUTF8 mail, the DKIM signature headers should be ASCII with no encoding needed. But if you are ending SMTPUTF8 mail, you can put UTF-8 directly in the header and it doesn't need any futher encoding either. Yeah, even more odd, th

Re: [mailop] Line too long

On Fri, 17 May 2024, Brandon Long wrote: I don't know anyone who uses BINARYMIME. Microsoft's MTAs say they do but I've never tried to see if it works. We did some testing with it and got some really inconsistent end to end responses even from services which advertised it. The idea of saving

Re: [mailop] (Mis)use of DKIM's length tag and it's impact on DMARC and BIMI

On Fri, 17 May 2024, Brandon Long wrote: I guess the part that's new to me is the apparent widespread (enough) use of the l= parameter. I don't recall ever noticing its use before, though can't say it was ever top of mind when looking at various headers of messages. I have to admit I'm surpr

Re: [mailop] What is Yahoo TSS09 ?

I am moving my servers to new IP addresses, which is always fun. The new block is 192.55.226/24 which was allocated in 1989 and has never been live until this week. So here's what AOL says to innocuous messagee from my users. 553 5.7.2 [TSS09] All messages from 192.55.226.66 will be permanently

Re: [mailop] Are there other comparable services like spamcop.net / spamhaus.org?

On Wed, 3 Apr 2024, Laura Atkins wrote: They do not accept third party samples and never have. They are now. https://submit.spamhaus.org/ Huh. Nobody tells me nothin'. Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading

Re: [mailop] One click unsubscribe in mailing list messages

On Sun, 25 Feb 2024, Ken O'Driscoll wrote: Outlook has supported list-unsubscribe for at least a year, if not longer. But, it's an add-on you need to proactively install so... I'm looking at the list of add-ins and I don't see it. Maybe it's Windows only and I'm on a Mac? R's, John It app

Re: [mailop] Is forwarding to Gmail basically dead?

Frustratingly, some see DKIM as too complicated and they run their own mail servers and simply won't set it up. I agree that it's annoying to do ... but it's become pretty close to necessary these days. The users with the worst problems were my local town government who were getting mail from

Re: [mailop] [E] Re: Spamfolder mini rant (Was: Contact Google Postmaster)

That’s not the only option they offer. While they might use POP3 for most accounts in the ancient “import” flow, they do support adding 3rd party accounts properly via IMAP via their Gmailify feature. Oh, OK. That only works for a handful of large providers. For my users it says too bad, POP

Re: [mailop] ECDSA DKIM validation?

On Thu, 21 Dec 2023, Stuart Henderson wrote: If you've had to talk someone not very technical through adding a DKIM RSA key to a poorly implemented web interface from some cheap DNS provider that doesn't handle long TXT records, you might feel differently. I take your point but I can only have

Re: [mailop] ECDSA DKIM validation?

On Thu, 21 Dec 2023, Mike Hillyer wrote: John Said: I'm sure that Google has code somewhere that can validate ED25519 signatures. But that does not mean that it would be a good idea for them to use that code in production today and try to update their reputation systems to deal with the dual s

Re: [mailop] ECDSA DKIM validation?

On Thu 21/Dec/2023 10:37:52 +0100 John Levine via mailop wrote: Yes, your code should handle them. No, that doesn't mean you should sign with them. Yup. The question was why Gmail doesn't /verify/ ed25519 signatures. Answering that they do so because it's not necessary to use them doesn't s

Re: [mailop] dnsbl.spam.fail

I also block most mail from Hetzner's network. It's not a vendetta, it's not extortion, it's purely practical. My time is not unlimited, the vast majority of the mail from that network is spam and if a tiny bit of real mail gets lost, so be it. It is not worth my time to make exceptions in my filt

Re: [mailop] Gmail says "Message bounced due to organizational settings."

I'm doing some work for arxiv.org, the preprint server at Cornell university. Many gmail users have reported that when they try to send mail to arxiv.org addresses to update their subscriptions, it fails saying Message Blocked, with the explanation "Message bounced due to organizational settings.

Re: [mailop] greylisting, SendGrid is deleting your mail

Do you have any idea how many of those would be tripped up by a Postfix-style banner delay? Good question. I've been meaning to add a greet pause but haven't yet gotten around to it. I got around to it and now do a greet pause before I greylist. Most of the hosts on the Spamhaus BLs are earl

Re: [mailop] SPF: Does include: a host without TXT entry invalidate the whole SPF entry?

If you don't care enough to publish a valid SPF record, why should we think you care whether we deliver your mail? The customer in question used an ESP to send marketing emails. That ESP told him what host to include in his SPF record. Probably some years later, that ESP changed domain and that

Re: [mailop] push and pull, Microsoft Office365 not rejecting emails when instructed so by SPF recored?

Not really.  Partly it's that they don't want to send stuff by SMTP where a glitch could bounce the statement into some random admin's mailbox or a spam scanner might do who knows what with it.  But mostly it's that they want to train their users to use a web browser with an SSL connection to l

Re: [mailop] push and pull, Microsoft Office365 not rejecting emails when instructed so by SPF recored?

On Tue, 30 May 2023, post...@sfina.com wrote: https://cr.yp.to/im2000.html You can tell from its name how long ago it was, and from the fact that you never heard of it before how successful it was. If I may respectfully encourage you to look at how you receive your online banking statements,

Re: [mailop] address rewriting, Thoughts on envelope address local-part length limits

On Mon, 15 May 2023, Brandon Long wrote: Yes, VERP and SRS are the two most obvious cases where their design inherently doesn't work with the limit (encoding the full email address into the mailbox portion) You'd need to either get fancy with the domain portion, which has its own complications (

Re: [mailop] SPF behavior on email forwarding

In other words, SPF check is not something what helps with SPAM here, seems that spammers adapted to it... As far as I know, SPF was never meant as an anti-spam measure. It was most definitely touted as an anti-spam measure. Some of us were there. Absolutely. Spent time listening to Meng Wo

Re: [mailop] Mailing Lists and domains with DMARC reject

Would a MUA send a POST to a known domain if it was found on a message coming from an unknown, or anyway different domain? Maybe.  It's quite common for a message to come from some company and the links to point back to the ESP. Isn't it difficult to agree on opaque tokens in that case? No.

Re: [mailop] Mailing Lists and domains with DMARC reject

Yes, the idea was to prevent malicious unsubs by sending fake spam with someone else's one-click unsub. Would a MUA send a POST to a known domain if it was found on a message coming from an unknown, or anyway different domain? Maybe. It's quite common for a message to come from some company

Re: [mailop] Mailing Lists and domains with DMARC reject

Yeah, RFC4871 was a proposed standard, RFC6376, four years later became an Internet standard. Once there was a level in between... Seems that 4 years was not enough ;-) Or we understand idea behind that RFC wrongly... Keep in mind that DMARC was invented long after SPF and DKIM. Also that t

Re: [mailop] warming up IPs, Microsoft?

Huh. We don't have any issues sending email to them from Linode, including a small number from one of our new IP addresses I've been trying to warm up. Linode has a bunch of different IP address blocks and I would expect recipients to block the ones that send annoying amounts of spam. That's

Re: [mailop] warming up IPs, Microsoft?

20 AM John R Levine wrote: I've been happy with a small provider called Tektonic. If you've never heard of them, that's a good sign. Thanks for the recommendation; unfortunately they wouldn't work for us. Their largest VM is less than half the size we would need for our d

Re: [mailop] warming up IPs, Microsoft?

Thanks for the recommendation; unfortunately they wouldn't work for us. Their largest VM is less than half the size we would need for our databases, also they don't appear to have an API to provision new VMs. If you need a big VM there's always AWS. They do a surprisingly good job of managing

Re: [mailop] warming up IPs, Microsoft?

On Sun, 5 Mar 2023, Mark Fletcher wrote: Best I can tell, in our 9+ years, being hosted by Linode has never been an issue wrt deliverability, and as a hosting provider, they've been nothing but responsive and reliable. That said, they were recently bought by Akamai, and have just raised prices.

Re: [mailop] Does gmail accept unicode character in From domain? I don't think so

It occurs to me that if you only have a handful of addresses with accented Latin characters, they are probably typos, not real addresses. Unless you're sending mail to south or southeast Asia, just get rid of them. On Fri, 3 Mar 2023, Alex Burch wrote: Thanks everyone. Is there any reason n

Re: [mailop] Does gmail accept unicode character in From domain? I don't think so

tps://www.activecampaign.com/sig/?u=aburch&c=1> On Fri, Mar 3, 2023 at 9:32 AM John R Levine wrote: Thanks everyone. Is there any reason not to just always use punycode for the domain and keep it pure ascii? Seems safer that way. Are there any known risks to doing that? "Alwa

Re: [mailop] Does gmail accept unicode character in From domain? I don't think so

Thanks everyone. Is there any reason not to just always use punycode for the domain and keep it pure ascii? Seems safer that way. Are there any known risks to doing that? "Always" in what context? The whole point of IDNs and EAI is so that people who don't speak English can use mail addresses

Re: [mailop] Mail Sending Self-Test Platform

Still, i am a bit wondering; Looking at the data flushed in so far (and already multiple bugs filed against implementations)... there are a lot of funny milters and often unmaintained software integrated in funny docker stacks (probably preaching to the choir there, but i have a lot of grievances

Re: [mailop] Mail Sending Self-Test Platform

dmarcv1 is a typo in the description (i correctly check for DMARC1, otherwise this would have shown up earlier); ?? The actual complaint is psd=n; Lemme see if i can make the report more clear re: where it complained. Do you maybe have some context on psd=n? I can't find it in 7489. It's in R

Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

On Fri, 16 Sep 2022, Brandon Long wrote: For thirty years we all used mailing lists that didn't mess with the author's name or address, so you could easily reply eiher to the authors or the list (and please don't mansplain to me what Reply-To does.) That stopped working when AOL and Yahoo repurpo

Re: [mailop] FW: Did Google become stricter about RFC 5322?

On Fri, 15 Jul 2022, Michael Ellis wrote: The body text lines are likely more than 998 characters. They have a feature to break long lines but they didn't enable it. The headers lines will all be well below 998 characters. That's probably what's wrong. 5322 says all the lines, not just the

Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List

Note that, in spite of DMARC, we still do not have per-user authentication. We have at least two flavors in PGP and S/MIME, When something exists for 30 years and has market penetration that cannot even rise to the level of being called 'meager'. /WE/ -- it, the Internet community -- does not

Re: [mailop] Spamhaus: Get more details about LISTING (Could a DMARC Report Address point to a spamtrap)?

On Tue, 17 May 2022, Tobias Fiebig wrote: However, judging from the state of DMARC reporting by the bounces hitting my report-from (_large_ orgs having non existent mailboxes in there etc.), I'd argue that the only thing that prevents ruf/rua that are stale for a decade is the age of RFC7489.

Re: [mailop] SMTP line wrapping breaking DKIM signatures when forwarding

On Thu, 28 Apr 2022, Dave Crocker wrote: Actually, for the current discussion, there is only a single issue: Should an intermediate relay get fussy and modify the substance of a message? That is one way to look at it, but as I said in the message you just replied to, in this case not

Re: [mailop] DKIM by the third party

My main point is this: ESPs and other 3rd party SMTP services - should be aware that using an SPF record that validates against the provider's domain in the SMTP envelope-FROM (and not the actual client's domain) - AND ALSO - having only one DKIM record which uses the provider's domain in the DK

Re: [mailop] Fwd: RFC 9228 on Delivered-To Email Header Field

On Thu, 14 Apr 2022, Dave Crocker wrote: Without knowing what mail software your provider is running, there is no way to tell. The benefit of an over-the-wire approach to specification writing is that all that matters is what goes... over the wire. One does not need to know the 'intent' or '

Re: [mailop] not a way to do abuse contacts, What am I supposed to do with abuse complaints on legit mail?

On Mon, 17 Jan 2022, Dan Mahoney wrote: It is quite simple to use RDAP to get the abuse contact email for anyone who has provided the info to their RIR. I do it all the time. The problem is that too many operators don't bother. If they don't tell the RIR, they are not likely to spend effort put

[mailop] Sendgrid spam of the day -- crypto.com phish

For full headers see http://spample.iecc.com/eam/23683557 R's, John -- Forwarded message -- Date: Fri, 31 Dec 2021 20:36:03 From: Crypto.com To: i...@taugh.com Subject: Case ID 23045 -Important Notice: Update Your Account [8fGHc0PkvWohUASUVORK5CYII=] Dear Valued Customer,

Re: [mailop] Privacy research spam apparently from a grad student at Princeton

Which domain? Feel free to encode it out as need be. It was in my first message: From: Privacy Practices Registered at Namecheap, mail sent from AWS R's, John On Dec 14, 2021, at 6:49 PM, John Levine via mailop wrote: It appears that Simon Arlott via mailop said: On 14/12/2021 18:53,

[mailop] Privacy research spam apparently from a grad student at Princeton

I got a couple of copies of this message to addresses scraped off my websites. It was sent from AWS cloud using a recently registered domain so it's likely a phish, but "Ross Teixeira" is a real person, a grad student at Princeton. Needless to say, sending blasts of spam to scraped addresses

[mailop] Bonus sendgrid spam of the day

Same outfit, same spamtrap address, this time touting our pals at AARP. So who is https://www.ninesevenpebble.com/ ? Full spam at http://spample.iecc.com/saa/23681599 Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this

[mailop] Sendgrid spam of the day

Sent to an address that has never been real but has been getting a lot of spam recently, touting insurance via one of those fake review sites that collects affiliate fees. Full copy here: http://spample.iecc.com/sys/23681598 Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansb

Re: [mailop] WhatCounts/Costco silliness

From memory, I believe ... Why are you guessing? The CAN SPAM law and the FTC's CAN SPAM rule are easy to find online. lot of mail programs now recognize List-Unsubscribe and give you an option in the frame of the message which is easier to recognize 1. But others do not Well, if you

Re: [mailop] WhatCounts/Costco silliness

List-Unsubscribe: List-Unsubscribe-Post: List-Unsubscribe=One-Click I don't know which fools to blame; The client Costco, or their ESP WhatCounts. Perhaps both. Definitely both. I don't work for or with WhatCounts, but I know who does, so I nudged them

Re: [mailop] how SSL works, was IMAP and SMTP in the same or separated IPs?

On Fri, 15 Oct 2021, Michael wrote: I prefer to think that the company I pay $$ to for a cert, makes enough they don't have to sell our data. Remember, each lookup against Let's Encrypt shares information, that can be resold. Sorry, but that is simply wrong. It's not how SSL works. The whol

[mailop] Gosh I love sendgrid

Today's phish, sent directly from sendgrid to my father who has been dead since 2019. Relevant Received headers in the unlikely event anyone might want to track it down: Received: from o3.ptr4431.ordersnapp.com (o3.ptr4431.ordersnapp.com [167.89.47.140]) by mail1.iecc.com ([64.57.183.56])

Re: [mailop] DMARC: Anyone using pct=n with n !=0 and n !=100?

On Mon, 23 Aug 2021, A. Schulze wrote: Am 21.08.2021 um 20:30 schrieb John Levine: It appears that A. Schulze via mailop said: We review the reports once per month and inverstigate findings Depending on the current situation we plan to increase pct= If you mean the DMARC aggregate and failur

Re: [mailop] m-365 still works like a spammer !

On Sat, 24 Jul 2021, Lukas Tribus wrote: See SPF-aware greylisting: https://poolp.org/posts/2019-12-01/spf-aware-greylisting-and-filter-greylist/ Interesting idea, might try it sometime, but on my small system fuzzing IPs works well enough. I do have a whitelist but I find I only need to ad

Re: [mailop] DMARC Reject

Remember that when you publish p=reject, you're saying your mail is very UNimportant. If there's any doubt that a message is really from you, don't deliver it, throw it away. This makes sense if you are Paypal, you're phished 24/7/365, and your mail only says "something happened, look at your

Re: [mailop] So how do you actually manage to send mails to outlook/hotmail?

On Mon, 12 Jul 2021, Marcus Hoffmann wrote: (Others at Hetzner seem to do fine. I really do not get the whole rating IP neighborhoods thing, but let's not get into that again. I can't change it anyway.) I can only speak for myself, but I have all of Hetzner's IPs routed into the spam trap, an

Re: [mailop] Greylisting never passing on retry

On Wed, 21 Apr 2021, Peter Nicolai Mathias Hansteen wrote: SMTP was defined in the late 1970s and we didn't invent greylisting until about 2003. I don't think you can blame them for not being clairvoyant. No clairvoyance was required for taking account of greylisting in the 2008 update that th

Re: [mailop] SPF prevents enabling IPv4+IPv6?

On Tue, 2 Mar 2021, Otto J. Makela wrote: Unfortunately, RFC 7208 section 4.6.4 DNS Lookup limits also states: As described at the end of Section 11.1, there may be cases where it is useful to limit the number of "terms" for which DNS queries return either a positive answer (RCODE 0) with

Re: [mailop] Spamhaus Public Mirror Error Return Code Update

On Tue, 16 Feb 2021, Alessandro Vesely wrote: rcode[*], such as FORMERR/ REFUSED, possibly followed by a more precise extended error code[†]. Except that REFUSED means something else, When Spamhaus sends REFUSED, it means you're trying to query a server than only paying customers can use, bu

Re: [mailop] What's the point of secondary MX servers?

Unfortunately, many sending clients (newsletters, announcements, etc.) do not retry if the initial delivery fails. That's impressively broken. Do you have specific examples? Back when I was tuning my greylister I found some rather strange retries, but I don't recall many senders that didn't r

Re: [mailop] What's the point of secondary MX servers?

I use minger to validate secondary mx with the primary for account validity, is that not common then? If the primary is up, why would anyone be sending mail to the secondary? R's, John Sent from my iPad On 17 Dec 2020, at 21:28, John Levine via mailop wrote: As we all know, MX records

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

By the way, Database USA has much bigger problems. It stole address lists from Infogroup (aka InfoUSA), founder Vinod Gupta's former company. A court found the company and Gupta each liable for over $10M, and Database USA declared bankruptcy: https://www.prnewswire.com/news-releases/appeals-

Re: [mailop] Google and Spam detection

Gmail has repeatedly said that they do not accept unauthenticated mail on IPv6. And with very good reason. Consider that you can very easily have a dedicated IP address for every email message you will ever send :-) Of course. Doesn't everyone do that? Regards, John Levine, jo...@taugh.com,

Re: [mailop] Rolling DKIM Key Disclosure

"Sorry, I think what you're looking for isnt useful, you're misinformed" isn't exactly a useful response when someone, especially a customer, asks for something, sadly. So what do you say when they demand 100% inbox placement and the ability to remotely delete mail they've already sent? Cust

Re: [mailop] Rolling DKIM Key Disclosure

Hmm? SSS/TLS has never signed the content of a website. It only authenticates temporary symmetric encryption keys which are used to encrypt (not sign) the contents. Aw, come on. Web servers send a certificate at the beginning of the transaction. If I cared, it would take about 10 seconds to

Re: [mailop] Is Gmails DMARC check broken?

In article <947f2235-ae10-47b5-90cd-f096d5648...@wordtothewise.com> you write: Why is Google applying a strict reject when the policy is p=none? It is my understanding that Google requires all IPv6 mail to be SPF or DKIM authenticated with or without DMARC. The "aspf=s" is probably the reason

Re: [mailop] what is spam was Re: [External] Re: Horrible week for email deliverability - Looking for help with RackSpace/Emailsrvr

On Fri, 27 Mar 2020, Kevin A. McGrail wrote: And I take a the approach that there are implicit consent in transactions.  For example, you buy something from XYZ big box store's website.  There is a 100% implicit consent that you can receive emails about that order such as a receipt and shipping s

Re: [mailop] [External] Re: Horrible week for email deliverability - Looking for help with RackSpace/Emailsrvr

Messages of all type but not a single feedback loop complaint.  These are definitely FPs as I disagree with your statement that a notice about COVID-19 from someone who signed up to a list would be false positives. ?? These are confirmed, opt-in customer / community lists.  Things like Fire Depa

Re: [mailop] [EXTERNAL] Strange MIME headers from Microsoft

Yeah, looking for someone to have a peek at that. Rather Strange, to say the least. I looked at the logs, there's quite a few, all seem from outlook hosted accounts. -Original Message- From: mailop On Behalf Of John Levine via mailop Sent: Friday, March 6, 2020 9:35 AM To: mailop@ma

Re: [mailop] [FEEDBACK] whose address, was Approach to dealing with List Washing services, industry feedback..

message (this time to the correct address), it will end up in the recipient's spam folder, without them knowing why. Don't do it to them. Just delete those messages, don't put them to spam. I disagree. If the sender wants eyeballs to see their emails, they need some incentive to put in place the

Re: [mailop] BIMI

On Tue, 10 Dec 2019, Brandon Long wrote: I guess it depends on how small. It's also that it's kind of self limiting, in the sense that if it's expensive enough that only few do it, then it doesn't have the same perceived bad effects like it would if 99% of mail had it. I think it could be a

Re: [mailop] Gmail marking email from me as spam

Are they still fundamentally constrained by their choice of network provider, despite complying with every possible security and delivery behaviour to warrant and verify the content and sender of every email? Yes. Remember, nobody else cares as much about the mail you send as you do. Has the

Re: [mailop] Gmail marking email from me as spam

It's a basic mistake to operate on whole netblocks and not individual senders. i somewhat disagree There are definitely networks that are so dirty that it's not worth accepting their mail. OVH hovers on the bad side of that line. If I were more interested in getting my mail to work than in

Re: [mailop] Gmail marking email from me as spam

Just because you should by default accept mail from everyone *unless* the sender proved to be nasty/harmful/mailicious etc.? what if the look quite plausibly harmful? Right. I didn't get the message you were responding to, so I looked in the logs and see the IP is in the middle of a block at

Re: [mailop] Anyone on this List with Access to Amazon SES Maillogs?

Hi, this is very odd, could you send a traceroute to those IPv6 destinations? I can confirm the servers do NOT refuse IPv6 connections. I suppose there is a transit problem from certain ISP. No, you're refusing the connections. When I connect via an IPv6 tunnel from HE you refuse the connectio

Re: [mailop] List of unused, big email-domains?

Tools can be used for good and bad purposes. At some level, an ESP is trusting mailing lists from their customers, and knows that some of those lists are bad, even if the customer claims the lists are on the up and up. Any "white hat" ESP is going to have various systems in place to try and catc

Re: [mailop] Is SenderID deprecated? (Udeme Ukutt)

On Fri, 5 Oct 2018, Stefano Bagnara wrote: Sender-ID records any more. How do you know that? Aren't they simple "TXT" records? How do you know what a dns lookup will read once it asked for TXT records? I know people who work there. And, that said, then don't tell that "SenderID" specificati

Re: [mailop] Lost DMARC reports reason (Was: DKIM headers - which do you sign and why?)

2) RFC is unclear about the minimal authorization record being "v=DMARC1" or "v=DMARC1\;" The semicolon is required. I filed an erratum. See https://www.rfc-editor.org/errata/eid5440 Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment be

Re: [mailop] DKIM headers - which do you sign and why?

When you put in the missing semicolon, what happened? On Wed, 25 Jul 2018, Stefano Bagnara wrote: On Wed, 25 Jul 2018 at 21:18, John R Levine wrote: For example, a TXT resource record at "*._report._dmarc.example.com" containing at least "v=DMARC1" confirms that examp

Re: [mailop] DKIM headers - which do you sign and why?

For example, a TXT resource record at "*._report._dmarc.example.com" containing at least "v=DMARC1" confirms that example.com is willing to receive DMARC reports for any domain. That appears to be a typo in the spec. Every valid DMARC record has a semicolon after v=DMARC1 Regards, John Levin

Re: [mailop] DKIM headers - which do you sign and why?

On Tue, 24 Jul 2018, Stefano Bagnara wrote: We wrote that a long time before anyone had imagined the mess that is DMARC. Well, if it is not valid anymore then we need an update... "You" made 3 revisions between 2007 and 2011 and then stopped updating it when it really started being used? ;-) Th

Re: [mailop] Sending mail to t-mobile.com

554 5.7.1 You are not allowed to connect. Which is probably deliberate because I'm connecting from residential cable (and I think it's listed on the DUL). The other source address is not (it's business cable). I get the 554 when connecting from consumer broadband (currently from Bavaria), but

Re: [mailop] Received header address information

I was specifically talking about querying a DNSBL with possible-forged IP addresses, not creating new listings or anything else. That wasn't clear. Anyway, you normally only look up the IP of the gateway host that sent the mail from their network to yours. Relays before that are often from h

Re: [mailop] question regarding support for international characters {dkim-fail}

Curious, isn't it, that the MSP EAI support we've talked about here is exclusively for other people's addresses, not for their own users? I know a few Indian providers that offer EAI addresses and I think a Chinese one. It's not surprising that the US providers don't do so, since as you note

Re: [mailop] question regarding support for international characters {dkim-fail}

On Wed, 11 Apr 2018, Ned Freed wrote: MTAs, maybe. But your typical MTA also acts as an MSA. Mine's atypical, the MSA is a separate program that I haven't tried to fix yet. At this point I'm exchanging EAI mail with other places, using the scanning hack to decide whether to look for SMTPUTF8

Re: [mailop] question regarding support for international characters {dkim-fail}

On Tue, 10 Apr 2018, Brandon Long wrote: I meant interpreting addresses in mail to my own mailboxes, the generalized version of case folding and subaddresses. Maybe you're right that undotted i's won't work in a lot of places, but I'd be surprised if they didn't work in Turkey. Aren't there st

Re: [mailop] question regarding support for international characters {dkim-fail}

The Gmail and Hotmail support handles other people's UTF-8 addresses in mail but they still don't provide UTF-8 addresses on their own systems. From what I can tell, Gmail and outlook.com's support is basically "just send UTF-8", that is, it will send EAI messages without the server offering the

Re: [mailop] question regarding support for international characters

We announced that it was supported back in 2014: https://googleblog.blogspot.com/2014/08/a-first-step-toward-more-global-email.html Were you referring to something else? No, I just wasn't paying attention. Oops. Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Pleas

Re: [mailop] Is BitBounce for real?

This idea behind Betbounce is neither stupid nor new, and it's actually funny, because current proof of work (PoW) algorithms, including one in bitcoin,  are based on "hashcash" algorithm, and hashcash was initially developed to combat SPAM.  See https://en.wikipedia.org/wiki/Hashcash so the servi

Re: [mailop] unique/shared public DKIM keys per domain?

On Tue, 10 Oct 2017, David Hofstee wrote: Didn't Google mention they wanted the age of the keys to count in the spam score? I'll check but I would be surprised if it made much difference. I rotate my keys every month, which seems to be more often than anyone else in the world. and they like m

Re: [mailop] Many SPF failures lately

You appear to be making the naive assumption that every SPF record is correct, or worse, that whatever the SPF record must be correct even if it's not what the system manager intended, or it doesn't describe the domain's actual mail. In reality, nearly every SPF record is wrong, because SPF's

Re: [mailop] Many SPF failures lately

On Sat, 20 May 2017, frnk...@iname.com wrote: Are you saying that checking the box on our commercial spam filtering system’s “check SPF” feature, which quarantines messages that have SPF failures (-all), was a poor decision on my part? If it does that on a simple SPF failure with no other indi

Re: [mailop] Many SPF failures lately

Yet the senders, via their SPF records with a "-all", told me to reject those messages. As MTA's, we're doing what the send told us to do. I don't know about you, but I do not blindly follow instructions from random strangers. It rarely leads to good outcomes. For my users, I have the quai

Re: [mailop] Many SPF failures lately

On Fri, 19 May 2017, Luis E. Muñoz wrote: Well, it's not unheard of to see TOSes that contain provisions for spam/malware/illegal content filtering. Considering that from the 1st paragraph of RFC-7208 it's clear that the intent is to "authorize", I would think the shoe would fit. If I were lo

Re: [mailop] New sending range for MailChimp - 148.105.0.0/16

This was my bad when I sent this. I should have been more specific with the exact ranges that we are sending from: 148.105.11.0/25 148.105.12.0/24 148.105.13.0/24 148.105.14.0/25 The ranges listed above have rDNS and and actively sending. Since allocation of IPs for sending is rather dynamic

Re: [mailop] LOUDMOUTHS WANTED!! ICANN WHOIS Replacement Work URGENT IMPORTANT ACTION NEEDED

The reality is that the vast majority of domain registrations are made by businesses with no reasonable expectation of privacy. I'm not sure if this is actually true for new registrations. Prior to launch of a web site, many businesses are eager to conceal the identity of the domain holder, to

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

On Fri, 17 Mar 2017, Eric Henson wrote: As a PCI compliant company, we have to go to great lengths to secure any system that stores, processes, or transacts credit card data. If that included our email servers, that would put every single mail server, every single mail client, including smart

Re: [mailop] Mails to microsoft

These kind of deliverability problems where causing so much pain to my (few) users, that I decided to move my mail domain to gmail about a year ago. That was the only reason. It's the death of small mail servers. I get mail from plenty of small mail servers, but the people who run them understa

Re: [mailop] Forwarding issues, was Mails to microsoft

having IMAP IDLE to everywhere... ugh, I guess. What's another million persistent connections. As the saying goes, if all you have is a hammer, everything looks like a thumb. I'd rather make forwarding more reliable. I've wanted to add an inbound gateway setting to consumer accounts, simil

Re: [mailop] Storing 821 envelope recipients in an 822.Header?

Legitimate eXtension headers as X- are easily filtered as "this is something you shouldn't pay attention to because it's not part of any standard". Take away the X- and you go back to the 'ok what is legitimate and what is not' situation... Oh, that's easy. They're all legitimate. If you're

  1   2   >