[Note that I'm replying to add a datapoint or two to this whole thread, rather than to just one person's comments. (The in-reply-to header has to be set to something, it might as well be the first post).]
To add to a long (looong) thread, let me add something indecipherable, but it requires looking at an image from google postmaster tools: https://imgur.com/a/BSANX0s <https://imgur.com/a/BSANX0s> According to this graph, for the past many, many days, we've had 100 percent SPF and DKIM compliance with all messages we send. But by the same graph, our dmarc compliance is all over the place. DMARC has no headers it adds to outbound mail, our record hasn't changed in months. If *either* SPF or DKIM validate 100 percent of the time, my DMARC should also be 100 percent, no? Is this because some machine under (our org) is sending invalidated mail for other domains, but for all mail received with a From: header of that org, everything looks good? (Like a listserv would do). If so, that's graphing two RADICALLY different things on the same misleading graph. (Also, the graphing algo hides the dmarc line behind the SPF line, c'mon google, you're smart enough to figure out how to overlap those lines visibiy). If this is our mailman lists causing this stupidity, does it make sense to stuff those under a secondary domain and a distinct /24 and /48? == Related, looking at dmarcian, we're having a bunch of chinese ipv4 addresses spoof us and attempt to send to google, but those also fail SPF *and* DKIM. We're a very old (older than gmail), short-named domain so it might make us attractive, but *none* of that spoofing shows in that google graph either. (https://imgur.com/a/nxrSMIK <https://imgur.com/a/nxrSMIK>) I'm trying to play the correct game here, but Google postmaster tools shows no ipv6 addresses when I click on "ip reputation", and until the issues a month ago, that was all we did. We've been dual stack for over a decade (although gmail hasn't). Things simply do not correlate. -Dan > On Apr 13, 2022, at 2:43 PM, Paul Vixie via mailop <[email protected]> wrote: > > it's troubling me that in a recent thread asking where to host mailboxes, > google was recommended several times, in spite of the fact that google is > provably wrong and provably non-transarent in how they decide what inbound > e-mail to reject. > > of all constituencies, this one, mailop, is one i would have expected to know > better than to cooperate with your oppressor. > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
