Hi,
Don't talk to me about the Microsoft blocklist! I've just had a recent
experience of same.
On June 11, 2015, my IP was blocked. No mail was accepted by their
servers. You know the drill: "Unfortunately, messages from
[XX>.XX.XX.XX] weren't sent. Please contact your Internet service
provider since part of their network is on our block list (S3150). You
can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[AM5EUR02FT013.eop-EUR02.prod.protection.outlook.com]" This was my first
experience with their blocklist or, for that matter, any ISP internal
blocklist. I signed up for their junkmail reporting program and smart
network data services. The next morning I figured out how to properly
submit a deliverability support ticket. About half an hour later, they
responded, indicating my IP was conditionally mitigated. End of
story…until September 26, 2018. Same thing all over again. Sent a
deliverability support request, got my IP mitigated. Keep in mind that
during both these incidents I was running a very high traffic mailing
list. After the second incident, I decided to move this particular list
to groups.io so that traffic would no longer be coming from my IP
address. That move went off without a hitch, and all my problems with
the Microsoft internal blocklist were behind me…
Please place your cassette player in fast forward mode until you reach
last Saturday, November 20, 2021. I woke up in the evening to some
bounce reports. You guessed it, Microsoft's blocklist reared its ugly
head again. Oh well, no big deal, I'll just fill out a deliverability
support request. For some reason it took several hours for them to
confirm my ticket. Okay this is good, I should be good to go in a
bit…not so much, as it turns out. When the response came in, I was
shocked to learn that my IP was "not qualified for mitigation." Not
qualified for mitigation? What? This had me extremely worried that maybe
someone had hacked my server and was sending out spam of which I was
unaware or something. So in a panic, I composed a letter detailing what
types of mail I send from my IP. Sent the message. Get a reply that
they're looking into it. Several anxious hours go by, in which I'm
worrying myself to death that they're going to reply and say, "We're not
going to mitigate anything for you, and we're not going to tell you why,
and there's nothing you can do about it." Then I finally! get the
response I've been waiting for, indicating that they've implemented
mitigation for my IP. Since they mitigated the problem, I assume that
means, in reality, I wasn't really doing anything that horrible in the
first place or they wouldn't have mitigated, but that makes me wonder
why the clearly automated "investigation" mitigated my IP twice, then
wouldn't the third time? Maybe it assumes if you get on their blocklist
three times there's clearly something wrong, even if each incident is
years apart? Who knows?
Jayson
On 11/29/2021 6:55 AM, Jon Baron wrote:
I have had a lot of experience with these things. Here are some
observations. I have a list of 4000+ subscribers around the world. I
have SPF and DKIM but not DMARC. (I never say much point in DMARC, and
it does not seem necessary.) Right now every single one of the 4000+
subscribers accepts the mail, most of the time. Occasionally I get
msssages (from Europe) saying that the mail has been blocked because
it is a "high probability of spam" or "looks like spam". This drives
me crazy. These spam-blocking systems are unregulated. They are like
snake oil. They should not be blocking mail without telling the
recipients, and this is what happens.
A few times, Microsoft has started blocking mail to ALL addresses with
domains of outlook, hotmail, msn, or live. Sometimes this was the
result of what you are talking about. I was told to sign up for
various things, including "sender support":
https://sendersupport.olc.protection.outlook.com/snds/
You can get data on what proportion of your mail counts as spam (if
you have enough mail, as we do). When they block mail, you can
complain:
https://support.microsoft.com/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75
(the one that works for me) or just
https://support.microsoft.com/supportrequestform/
If you complain, you will get an automatic reply saying that your
problem does not qualify for mitigation and that they are almost
always correct. Then you have to respond to that. After a few rounds
of this, you will get a response from what seems to be a human being,
who will tell you that they are taking your problem very seriously,
yada yada.
The last time this happened, they were completely blocking all make for
over a week, because my IPV4 address (the one they use) was part of a
range of addresses from which spam was being sent. Of course, I have
only one ipv4 address (from a cloud server, Linode). The problem seems
fixed for now, but I am warning new subscribers not to use
Microsoft-controlled addresses.
Of course they won't tell you HOW they decide that something is spam,
as this information would just make it easier for spammers.
(But I don't see what is so bad about spam. You just delete it; it
helps if possible spam goes to a spefific folder, but any system I've
seen makes many mistakes both ways, except spamassassin, which rarely
makes a false positive. The real problem is phishing, and there have
been no randomized control trials to see whether any system can
immunize people against that. I doubt that these spam detectors do it
effectively.)
Some references:
https://answers.microsoft.com/en-us/outlook_com/forum/all/hotmailoutlook-block-list-s3140-blocks-all-new/699f3a56-406e-4804-97e2-cbe23b9bb01c?page=2
https://lists.mailman3.org/archives/list/mailman-us...@mailman3.org/thread/CQ6R3WUVVLNOA3UFFCM42GVPKQDC5SPC/
And there are several things like this:
https://mxtoolbox.com/blacklists.aspx
But the list called UCEPROTECT3 (I think) is now, happily, widely
ignored, because it is based on spam coming from a large range of ipv6
addresses on a cloud server. Spamhause does something like this too,
but you can fix it by getting a "proper" ipv6 address that specifies
the range ("/64" at the end).
Some geneneral
On 11/29/21 00:51, Jayson Smith wrote:
Hi again,
Good point about DMARC. Does anyone know if Charter suddenly started
caring about some DMARC policies on or around this past Friday? I
have my list set to munge the From: lines of messages from senders
E.G. AOL, Yahoo, etc. that publish a DMARC rejection policy.
On a slightly different topic, I've heard from a few Outlook users
that list messages are consistently ending up in their junkmail
folders. Could this be because Microsoft doesn't like the fact that
my list is causing DMARC to fail, but not actually complaining to me
about it? I could solve this problem by having the list munge the
From: line for all messages, but sometimes that causes problems with
replying. In particular, several years ago when my lists were set up
to do that, Thunderbird users were having problems sometimes replying
to the sender of a message rather than the entire list.
Jayson
On 11/28/2021 11:45 PM, Mark Sapiro wrote:
On 11/28/21 7:58 PM, Jayson Smith wrote:
Hi,
One of my Mailman lists has a single member at Charter which has
occasionally bounced mail over the last few days. When this
happens, the reason given, when I look it up on their help page,
indicates the message I sent goes against the security policies
of my domain, and I should contact my domain administrator (that
would be me). I have SPF and DKIM set up, and a quick check at
dkimvalidator.com verifies they're both working. I assume this is
one of these annoying situations where Charter is seeing what's
clearly a transient DNS problem and treating it like a permanent
failure? Also I assume there's nothing I can do about this? Is
the problem likely to be at Charter's end or at my domain's
nameservers' end?
Only guessing, but this sounds like DMARC. Does your list apply
DMARC mitigations?
If it is DMARC, the issue is the message sent to the charter
subscriber is From: poster@posters.domain. posters.domain publishes
a DMARC policy of (probably) reject. Yahoo.com is one such common
domain. Your list modifies the message by content filtering,
subject prefixing, adding msg_footer or some other transformation
that breaks the posters.domain DKIM signature. Your SPF and DKIM
signatures pass, but they are not 'aligned' with posters.domain, so
they don't count for DMARC.
See https://wiki.list.org/DEV/DMARC
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/
