Re: [mailop] Mailing Lists and domains with DMARC reject

[Brandon Long via mailop]

On Fri, Mar 3, 2023 at 10:07 AM Mark Fletcher via mailop 
wrote:

> On Fri, Mar 3, 2023 at 9:21 AM Jesse Hathaway via mailop <
> mailop@mailop.org> wrote:
>
>>
>> 1. Rewrite the RFC5322.From address to be an address from the mailing
>> list domain, place the original RFC5322.From address in the Reply-To
>> header. Sign the message with the mailing list's DKIM key.
>>
>> This is what we do.
>
> 2. Preserve the original DKIM signing of the message by only adding
>> additional headers, i.e. do not modify the subject or add a trailer
>> message.
>>
>> This was never an option for us, as our users want a subject tag and
> including a footer with an unsubscribe link is table stakes for a mailing
> list.
>

There is a legal argument that is the best way to meet the various
anti-spam laws... as in all things legal, there are a lot of different
laws in different countries and one might make an argument that an
unsubscribe header and button in mail clients would be sufficient... but
making
legal arguments to governments and courts is an expensive proposition with
uncertain results, following the path of least resistance means less pain.
Obviously, the liability is also very different for different
senders/orgs... and also opt-in vs opt-out probably has some bearing as
well, more technical
users can handle opt-in better and hopefully unsubscribing...

Brandon
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Mail Sending Self-Test Platform

[Grant Taylor via mailop]

On 3/2/23 12:27 PM, Tobias Fiebig via mailop wrote:

The tool looks for a perfect world, which there isn't. ...

Still, if i'd not deduct points for those things, everyone would get 
a 10. ;-)


I have no idea if your infrastructure / UI could support this or not, 
but what if you had an option to turn off / not count a test when 
displaying the results.


E.g. doesn't like lack of rDNS signing, so instead of saying 7 out of 8 
what if you said 7 out of 7* where the * means that some tests are 
disabled / ignored.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Mail Sending Self-Test Platform

[Grant Taylor via mailop]

On 2/28/23 2:51 PM, John Levine via mailop wrote:
It's not common and I would be astonished if anyone checked as part 
of delivery.


I wouldn't mind if the test called it out mostly in the sense that:
 - I would want case consistency
 - I'd be worried about tickling a bug in someone else's software / 
configuration thereof.


As such a polite heads up would be appreciated.



--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Mailing Lists and domains with DMARC reject

[Stephen Frost via mailop]

Greetings,

* Slavko via mailop (mailop@mailop.org) wrote:
> Dňa 3. marca 2023 17:03:35 UTC používateľ Jesse Hathaway via mailop 
>  napísal:
> >2. Preserve the original DKIM signing of the message by only adding
> >additional headers, i.e. do not modify the subject or add a trailer
> >message.

This is what we do (for lists hosted on lists.postgresql.org).

> This one will work only if sender doesn't oversigns List-* (or any other
> added) headers, and some domains does it in regular mails...

We've seen very very few (I'm not sure I specifically recally any..)
List-* oversign cases.  If we got those, I suspect we'd probably disable
that user and ask them to try and fix their email system.

> I was interesting in this, thus i log DKIM signed headers list (not from
> ML) for some weeks, oversigned List-* headers are not common, but
> happens.

I'm curious where it does happen and isn't actually from a mailing
list..  The List-* header would presumably be empty in that case and yet
still included in the signature?  I realize it's possible but ... ugh.

* Mark Fletcher via mailop (mailop@mailop.org) wrote:
> On Fri, Mar 3, 2023 at 9:21 AM Jesse Hathaway via mailop 
> wrote:
> > 1. Rewrite the RFC5322.From address to be an address from the mailing
> > list domain, place the original RFC5322.From address in the Reply-To
> > header. Sign the message with the mailing list's DKIM key.
>
> This is what we do.

Our users nearly rioted at this idea, for good reason, imv.

> 2. Preserve the original DKIM signing of the message by only adding
> > additional headers, i.e. do not modify the subject or add a trailer
> > message.
>
> This was never an option for us, as our users want a subject tag and
> including a footer with an unsubscribe link is table stakes for a mailing
> list.

Not being able to have an unsubscribe link is annoying but we've been
pretty successful having a List-Unsubscribe header that a lot of mail
clients recognize and will utilize to make a button to perform the
unsub using.  Getting that to happen on more would be interesting to us-
if anyone has info about how to specifically do that, please feel free
to pass that along.

> > Does anyone have any knowledge on which methodology is the most
> > successful for ensuring delivery.
> 
> I can't tell you if #2 ensures better delivery, but even doing option #1
> gotchas abound. Many domains, regardless of DMARC policy, do not like it if
> you send them an email with an RFC5322.From containing their own domain,
> for example. All messages to Outlook 365 domains need their
> Froms re-written. Many Exchange servers are set to silently drop messages
> unless you re-write From lines. On several occasions I have considered just
> re-writing ALL From lines, regardless of DMARC policy, but that is really
> not wonderful and when asked, our users were against that idea.

Only see one obvious office 365 user on our lists and their domain (as
this would be domain specific, no..?) doesn't have a DMARC policy.
That said, I do feel like we have pretty good delivery using approach
#1.  Admittedly, we aren't as big as others and our users are pretty
technical.  I'm fairly confident we deliver to a lot of exchange servers
though successfully and looking at domains that end up delivered to
outlook.com servers, there's certainly some with DMARC reject policy
that we successfully deliver to without any rewriting of the
RFC5322.From address.

> It's a maze of twisty little passages...

Indeed.

> We have to keep a list of domains that require special re-writing, which is
> updated by hand when people complain about deliverability issues.

... ew.

Thanks,

Stephen


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] warming up IPs, Microsoft?

[Benny Pedersen via mailop]

John R Levine via mailop skrev den 2023-03-06 18:55:


Linode has a bunch of different IP address blocks and I would expect
recipients to block the ones that send annoying amounts of spam.
That's what I do.  So as likely as not, you're just lucky that you
don't have annoying neighbors.


linode do pr new vps give a ipv4 range with /24, but still only one 
usable to use, each vps can ask for more ipv4, but this will be another 
/24, doh :)


for ipv6 just ask, unlimited free, free as in /64 only
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] warming up IPs, Microsoft?

[John Levine via mailop]

It appears that Laura Atkins via mailop  said:
>In the B2C space domain reputation is more important than IP reputation 
>anyway. 
>
>You may also want to look at SSDNodes for VPSes. 

Looks fantastic except for the IPv6-only part.

I see the larger ones have both v4/v6, makes sense if you want servers that big.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] warming up IPs, Microsoft?

[Michael Rathbun via mailop]

On Mon, 6 Mar 2023 10:52:35 +, Laura Atkins via mailop 
wrote:

>I have had a number of clients over the last 3 or 4 years using SES without 
>any delivery problems that we could attribute to the IP addresses. Once we ran 
>through fixing the things under their control, delivery was great. 

I have a couple of recent (last two months) clients using SES who also saw no
problems, but then they had open rates that climbed to above 50% and complaint
rates close to the cube root of zero.

mdr

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] warming up IPs, Microsoft?

[John R Levine via mailop]

Huh. We don't have any issues sending email to them from Linode, including

a small number from one of our new IP addresses I've been trying to warm up.


Linode has a bunch of different IP address blocks and I would expect 
recipients to block the ones that send annoying amounts of spam.  That's 
what I do.  So as likely as not, you're just lucky that you don't have 
annoying neighbors.


Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] warming up IPs, Microsoft?

[Mark Fletcher via mailop]

On Mon, Mar 6, 2023 at 6:36 AM John Stoffel  wrote:

>
> I've been using digital ocean and then moved to Linode to home my
> personal domain @stoffel.org, but then I'm spending time looking to
> move again because charter.net is my town Cable company and a bunch of
> neighbors use @charter.net emails, and they (charter) just blanket ban
> Linode IP space.
>
> Huh. We don't have any issues sending email to them from Linode, including
a small number from one of our new IP addresses I've been trying to warm up.

Mark
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] warming up IPs, Microsoft?

[Atro Tossavainen via mailop]

> I believe it, but the more relevant question is what fraction that is of the 
> total
> mail they send.  I see way more real mail than spam from them.

I can only speak to the mail we see. I am sure all of the entities
that are sending to our spamtraps mostly send good email. I simply
could not have any visibility to the rest.
 
-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] warming up IPs, Microsoft?

[Laura Atkins via mailop]

> On 5 Mar 2023, at 21:53, Mark Fletcher via mailop  wrote:
> 
> On Sun, Mar 5, 2023 at 1:15 PM John R Levine  > wrote:
>> 
>> If you need a big VM there's always AWS.  They do a surprisingly good job 
>> of managing outbound mail.  You get 62K messages/mo for free, then 10c per 
>> 1000 messages sent from a VM.
> 
> For the amount of email we send, that cost structure wouldn't work for us. 
> And I thought AWS SES didn't have a good reputation, although I admit it's 
> been awhile since I looked.

I have had a number of clients over the last 3 or 4 years using SES without any 
delivery problems that we could attribute to the IP addresses. Once we ran 
through fixing the things under their control, delivery was great. 

In the B2C space domain reputation is more important than IP reputation anyway. 

You may also want to look at SSDNodes for VPSes. 

laura 

-- 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com 

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Intuit directly spaming

[Slavko via mailop]

Dňa 5. marca 2023 23:52:22 UTC používateľ Michael Rathbun via mailop 
 napísal:
>On Sun, 05 Mar 2023 21:48:46 +, Slavko via mailop 
>wrote:

>>mdr@LUSZ ~ $ host whois.pwhois.org
>>whois.pwhois.org is an alias for global.pwhois.org.
>>global.pwhois.org has address 208.74.248.120
>>global.pwhois.org has IPv6 address 2620:d1:4000:2::100
>
>Not sure what to offer in that regard.

Thanks, that was enough, i found it as blocked in one (external)
RPZ, i add exception and now it works.

I usualy check NXDOMAIN with public DNS resolvers too,
but either it had some temporary problem or  i didn't check
output carefuly enough...

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop