The background to this is that I am a community contributor to PHP
internals and have been actively engaged on the internals and pecl-dev
lists for over a year using my personal domain email address (terry at
ellisons dot org dot uk). When I attempted to post some comments on an
internals thread a week ago, I received a
[email protected] SMTP error from remote mail server after MAIL
FROM: Terry at ellisons dot org dot uk
host pair1.php.net [76.75.200.58]: 550 5.7.1 reject mailfrom [xbl]
After 3 days or research and over 30 emails, most of which were being
bounced, and a LOT of personal frustration, I have finally adopted a
workaround which is to use my gmail account.
As I have a workaround, this email is NOT a request for personal
support. It is to raise a flag that this issue might be a wider issue
for other PHP contributors who might just give up and take their
contributions elsewhere. What I want to share is my analysis in the
hope that if this is a systemic issue then it might help to prevent this
happening.
1) My original mailbox has been active on php.net for over a year and
has never been used for spamming on PHP lists.
2) Thoughout this incident the spamhaus XBL gives my ellisons... domain
a green. It only hosts 3 active mailboxes and none have compromised to
my knowledge.
3) A week or so ago, something changed and as a result the php.net
mailserver began rejecting my ellisons... emails.
4) The mail denial has a wider scope than just me in that is any
contributor who now replies to any thread which includes my ellisons...
domain as a CC will also have their posts rejected.
5) I get my internet connection (and a dynamic class IP address) from
the main UK ISP, BT. My ISP registers Policy Block Lists (PBL) for all
its class B IP ranges with spamhuas: "It is the policy of BT Retail that
unauthenticated email sent from this IP address should be sent out only
via the designated outbound mail server allocated to BT Retail
customers." The key word to note here is *unauthenticated*. This is
quite a common practice for ISPs.
6) I also have a personal domain, ellisons dot org dot uk, which is
hosted by a 3rd party hosting service provider (HSP). My HSPs email
service doesn't use DKIM, so I have to rely on SPF instead, which I have
configured on my DNS entry for ellisons dot org dot uk. This is a valid
authentication mechanism, as can be seen from the following Google
mailserver report:
Received-SPF: pass (google.com: domain of Terry at ellisons dot org
dot uk
designates 79.170.44.47 as permitted sender) client-ip=79.170.44.47;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of Terry at ellisons dot org dot uk
designates
79.170.44.47 as permitted sender) smtp.mail=Terry at ellisons
dot org dot uk
7) However, SPF filters are fragile in that if the mail is routed
through multiple hops, say, HSP -> intermediary -> php.net
<http://php.net>, then the receiving php.net <http://php.net> host might
treat the intermediary host as the sender, and the SPF filter check will
then incorrectly fail. This can then result in the SPAM filter on the
mail server incorrectly rejecting the message and also blacklisting the
domain.
As I said previously, I am now using gmail, a DKIM-authenticated
service, so I don't see any future problems personally, but I am
concerned that this might be a wider issue for other contributors who
post from an ISP allocated IP using a personal mail service.
A) Can I suggest that a review of the rejection logs be correlated
against age of registration for that mailbox to see if this is a wider
issue?
B) Can you please add a health warning on the mailing lists web page
suggesting that contributors use a DKIM-authenticated mail service for
contributing to the php.net lists?
Regards
Terry Ellison
(previously posting under terry at ellisons dot org dot uk)
--
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
