On 9 May 2012, at 20:32, David wrote:
On Wed, May 9, 2012 at 4:01 PM, David <d...@fiteyes.com> wrote:
Re: Giving away the secrets of 99.3% email delivery
1. Constantly monitor spam blacklists. We have a set of Nagios alerts
that regularly check if we’re listed on any delivery blacklists, and
whenever they go off we take whatever corrective action we need to get
back
off the blacklist.
2. Have valid SPF records. Don’t impersonate your users. When
running a
web app like Basecamp, which sends email that are generated by another
user, it can be tempting to send the email from that user (e.g., so
that a
comment I wrote on Basecamp would appear to come from noah at
37signals dot
com), which might make people feel more comfortable. Unfortunately,
this is
a surefire way to end up on spam lists, since you’ll likely be
sending from
an IP address that does not have the valid SPF records. And chances
are, if
the user’s domain does have an SPF record, it doesn’t include your
application’s IP.
3. Sign the mail! DKIM and Domain Keys. Yahoo and Gmail both score
signed
email higher.
4. Dedicated and conditioned email sending IPs.
5. Configure reverse dns entries. Most of the “big boys” won’t
accept
mail from your servers if your reverse dns entries don’t match. You
might
need your IP provider to help with setting up these records.
6. Enroll in feedback loops. We haven’t automated our parsing of
feedback, but a daily / weekly review of feedback loop emails helps us
know
when there’s an unhappy user, or other problem. Too many complaints
and
you’ve got trouble.
Something about how you are composing mail is resulting in an ugly mess
on the receiving side, with your quoting completely broken. See above as
an example. Perhaps sending as HTML and having it whacked by Mailman...
I started by setting up an SPF record (#2 on the list above). However,
shortly after setting it up, we got a bounce with this reason:
SPF MAIL FROM check failed: [MAIL_FROM]
I searched a bit and came across things like this:
http://comments.gmane.org/gmane.org.user-groups.linux.new-zealand.general/34245
But nothing I found answered my questions.
Looking at the headers of the bounced message, I note:
Received-SPF: pass (domain of lists.example.com designates 10.10.10.99
as
permitted sender)
X-Originating-IP: [10.10.10.99]
That would seem to indicate things are OK, but maybe X-Originating-IP
isn't
the line I need to be looking at... I'm not sure what [MAIL_FROM] (in
the
SPF check failed line) matches in the email header.
This is probably running off the topical edge of the Mailman-Users list,
but I'll be brief.
Before publishing an SPF record, you should understand what SPF is and
how it works. If you don't understand it, don't try to use it.
SPF is a weak but sometimes useful mechanism that allows a SMTP server
to check whether a given SMTP envelope sender address (a.k.a.
"Return-Path" or "MAIL_FROM" or "bounce address") should be trusted as
valid when given by the particular IP address of an SMTP client, using
DNS records. In most cases it is only applied to the domain part of an
address.
There's not much else to say about your specific problem, since you seem
to have obfuscated everything of significance about the specific message
with a problem. For example, and most importantly, "lists.example.com"
is bogus.
The SPF coherency to check is between the outbound IP address of
whatever machine (at Yahoo??? ugh.) generated that bounce and the domain
you've obfuscated as lists.example.com. Your SPF record(s) need to the
reality of where mail systems to whom you are not known will be
receiving your mail from, not the original source of your mail. So if
you have made the inexplicable decision to route your mail out via
Yahoo, you need to consult with Yahoo about how to set up your SPF
record(s).
Also, I note:
X-YahooFilteredBulk: 10.10.10.99 <-- what does "X-YahooFilteredBulk"
mean?
Ask Yahoo. Any email header that starts with "X-" is non-standard and
could mean anything or nothing.
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
