On Fri, Jun 7, 2013 at 1:30 PM, Terry Ellison <ellison.te...@gmail.com>wrote:
> The background to this is that I am a community contributor to PHP > internals and have been actively engaged on the internals and pecl-dev > lists for over a year using my personal domain email address (terry at > ellisons dot org dot uk). When I attempted to post some comments on an > internals thread a week ago, I received a > > internals@lists.php.net SMTP error from remote mail server after MAIL > FROM: Terry at ellisons dot org dot uk > host pair1.php.net [76.75.200.58]: 550 5.7.1 reject mailfrom [xbl] > > There have been some reports of bounced mails on internals recently. I didn't follow up on the issue, but I would suggest opening a bug report for this. Also CCing to internals list since this probably isn't the correct list for this. > After 3 days or research and over 30 emails, most of which were being > bounced, and a LOT of personal frustration, I have finally adopted a > workaround which is to use my gmail account. > > As I have a workaround, this email is NOT a request for personal support. > It is to raise a flag that this issue might be a wider issue for other PHP > contributors who might just give up and take their contributions elsewhere. > What I want to share is my analysis in the hope that if this is a systemic > issue then it might help to prevent this happening. > > 1) My original mailbox has been active on php.net for over a year and has > never been used for spamming on PHP lists. > > 2) Thoughout this incident the spamhaus XBL gives my ellisons... domain a > green. It only hosts 3 active mailboxes and none have compromised to my > knowledge. > > 3) A week or so ago, something changed and as a result the php.netmailserver > began rejecting my ellisons... emails. > > 4) The mail denial has a wider scope than just me in that is any > contributor who now replies to any thread which includes my ellisons... > domain as a CC will also have their posts rejected. > > 5) I get my internet connection (and a dynamic class IP address) from the > main UK ISP, BT. My ISP registers Policy Block Lists (PBL) for all its > class B IP ranges with spamhuas: "It is the policy of BT Retail that > unauthenticated email sent from this IP address should be sent out only via > the designated outbound mail server allocated to BT Retail customers." The > key word to note here is *unauthenticated*. This is quite a common > practice for ISPs. > > 6) I also have a personal domain, ellisons dot org dot uk, which is hosted > by a 3rd party hosting service provider (HSP). My HSPs email service > doesn't use DKIM, so I have to rely on SPF instead, which I have configured > on my DNS entry for ellisons dot org dot uk. This is a valid > authentication mechanism, as can be seen from the following Google > mailserver report: > > Received-SPF: pass (google.com: domain of Terry at ellisons dot org > dot uk > designates 79.170.44.47 as permitted sender) client-ip=79.170.44.47; > > Authentication-Results: mx.google.com; > spf=pass (google.com: domain of Terry at ellisons dot org dot uk > designates > 79.170.44.47 as permitted sender) smtp.mail=Terry at ellisons dot > org dot uk > > 7) However, SPF filters are fragile in that if the mail is routed through > multiple hops, say, HSP -> intermediary -> php.net <http://php.net>, > then the receiving php.net <http://php.net> host might treat the > intermediary host as the sender, and the SPF filter check will then > incorrectly fail. This can then result in the SPAM filter on the mail > server incorrectly rejecting the message and also blacklisting the domain. > > As I said previously, I am now using gmail, a DKIM-authenticated service, > so I don't see any future problems personally, but I am concerned that this > might be a wider issue for other contributors who post from an ISP > allocated IP using a personal mail service. > > A) Can I suggest that a review of the rejection logs be correlated > against age of registration for that mailbox to see if this is a wider > issue? > > B) Can you please add a health warning on the mailing lists web page > suggesting that contributors use a DKIM-authenticated mail service for > contributing to the php.net lists? > > Regards > Terry Ellison > (previously posting under terry at ellisons dot org dot uk) > > -- > PHP Webmaster List Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
