Re: [mailop] Yahoo: SOA record per subdomain required?!

[Ken Peng via mailop]

> 
> The whole SOA topic is yahoo specific, but using www... as
> email's RHS is not good idea nowadays at all, as can cause
> delivery problem, because it is often in SPAMs from hacked
> web servers/sites, thus avoid it, if possible.
> 

It's not unnormal in regular operations.

for instance, the top domain i mentioned, co.in, does have this case.

pyh@mxin:~$ dig www.co.in soa +short
pyh@mxin:~$ dig www.co.in mx +short
1 mail.happyisp.com.


it's not a zone (neither soa), but have a valid MX rr.

As a comparison for com.cn:

pyh@mxin:~$ dig www.com.cn soa +short
dns1.hichina.com. hostmaster.hichina.com. 2022052002 3600 1200 86400 600

it's a valid zone though no MX defined for this zone.




--
  https://kenpeng.pages.dev/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo: SOA record per subdomain required?!

[Slavko via mailop]

Dňa 7. mája 2023 21:24:30 UTC používateľ Ken Peng via mailop 
 napísal:

>I have the question that,
>for example, co.in is in PSL, but the owner can reserve some names such as 
>www.co.in not open for registration.
>So this name has neither zone nor soa, but from my experience it does be 
>possible to have MX records.

AFAIK any DNS name can have MX record, except CNAMEs.
As was pointed already, A/ is enough to deliver emails
(by RFC), but MX is more clear that name has dedicated
MTA, thus is better (and intended for that).

The PSL is something strange, introduced by DMARC which
defines "organizational domain", which seems to be not as
clear as DMARC's authors think.

This PSL is not standardized and is maintained by Mozilla,
which is only as volunteer to do that. Hopefuly they do it in
public way, but one have to consider that list as suggestion
only, it is not used by all and AFAIK some orgs maintain
own lists.

The whole SOA topic is yahoo specific, but using www... as
email's RHS is not good idea nowadays at all, as can cause
delivery problem, because it is often in SPAMs from hacked
web servers/sites, thus avoid it, if possible.

The PSL itself supports exclusions, see eg.:

*.ck
!www.ck 

But if they are open to accept/add new excludes, i do not
know.

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] PSL: SOA record per subdomain required?!

[John Levine via mailop]

It appears that Ken Peng via mailop  said:
>I have the question that,
>for example, co.in is in PSL, but the owner can reserve some names such as 
>www.co.in not open for registration.
>So this name has neither zone nor soa, but from my experience it does be 
>possible to have MX records.

It can, but I would't send mail with that domain in the return address
if I wanted it to be delivered.

People do all sorts of silly things with mail domains but that doesn't
mean it's a good idea. The .GT top level domain has had MX records
pointing at Gmail for at least a decade, but as far as I can tell it
has never worked.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] New to mass mailings

[H via mailop]

On 05/07/2023 12:11 PM, Al Iverson via mailop wrote:
> Here's my Microsoft Deliverability Guide, recently updated:
> https://www.spamresource.com/2023/04/isp-deliverability-guide-microsoft-olc.html
>
> The company I work for, we provide deliverability monitoring software
> and consulting services. Feel free to reach out if either interest
> you. Work email: al AT kickbox.com
> You can probably figure out the website from that, if you want to
> check it out yourself. :)
>
> Cheers,
> Al Iversion
>
Thank you, I'll begin by reviewing the guide you linked to.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] New to mass mailings

[H via mailop]

On 05/06/2023 11:50 PM, Atro Tossavainen via mailop wrote:
>> Understood. We plan to change the setup over the summer but until then we 
>> have to work with what we have. When we change we will probably set up our 
>> own postfix server for mail handling.
> As far as I can tell it's about a two hour job to do the latter.
>
>> I should have added that our future "mass mailings" would be around 1000 
>> emails per week or every two weeks, iow, not too much.
> What I said is not about your proposed activities but the fact that
> you're planning to share the reputation of your sendouts with that of
> any number of other Ionos customers.
>
>> I did check the Ionos sending IP address on a couple of websites, including 
>> mxtoolbox.com, and it is not listed.
> Good for you. That may change at any time for reasons that have nothing
> to do with you, and where the fix is also something you have no control
> over. My €.02 is biting the bullet and deploying your own server PDQ.
> It also makes it possible for you to do the DKIM signing you mentioned.
>
You are right and I agree. We'll look into get postfix up and running on our 
own server ASAP. Two hours might be an understatement, however... :-)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo: SOA record per subdomain required?!

[Ken Peng via mailop]

May 8, 2023 at 12:17 AM, "Felix Fontein via mailop"  wrote:


> 
> Hi,
> 
> maybe this is related to in-berlin.de being on the Public Suffix List?
> This might explain why Yahoo treats subdomains of in-berlin.de
> differently than for subdomains of other domains (like e.mail.de
> mentioned by Ken).
> 
> Cheers,
> Felix
> 
> On Sun, 7 May 2023 12:27:21 +0200
> Carsten Schiefner via mailop  wrote:
> 
> > 
> > So, at least for the time being, it appears that the Y! universe
> >  handle this in a non-deterministic manner.
> >  
> >  Lovely.
> >  
Hello
I have the question that,
for example, co.in is in PSL, but the owner can reserve some names such as 
www.co.in not open for registration.
So this name has neither zone nor soa, but from my experience it does be 
possible to have MX records.

regards,
Ken Peng
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] PSL: SOA record per subdomain required?

[Bill Cole via mailop]

On 2023-05-07 at 16:53:51 UTC-0400 (Sun, 7 May 2023 22:53:51 +0200)
Carsten Schiefner via mailop 
is rumored to have said:


Hi John,

Am 07.05.2023 um 20:02 schrieb John Levine via mailop 
:




[…]



The same thing applies to all of these names, all in the PSL:



dyn-berlin.de
in-berlin.de
in-brb.de
in-butter.de
in-dsl.de
in-dsl.net
in-dsl.org
in-vpn.de
in-vpn.net
in-vpn.org



I haven’t checked all the TLDs mentioned, but just .de.


And I might have turned to the wrong list - but:

Textdokument · 238 KB

public_suffix_list

clearly does not list any public suffices for .de.


You're doing something wrong.

I see 74 domains listed there ending in .de. The specific ones in 
question start at line 12026.



Which precisely matches my current state of knowledge.


`grep '^\S*\.de$' public_suffix_list.txt` is enlightening.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] PSL: SOA record per subdomain required?

[Carsten Schiefner via mailop]

Please ignore the below - I haven’t been aware that the list is split into two sections.And I have looked at the first one only - my apologies!Am 07.05.2023 um 23:01 schrieb Carsten Schiefner :Hi John,Am 07.05.2023 um 20:02 schrieb John Levine via mailop :[…]The same thing applies to all of these names, all in the PSL:dyn-berlin.dein-berlin.dein-brb.dein-butter.dein-dsl.dein-dsl.netin-dsl.orgin-vpn.dein-vpn.netin-vpn.orgI haven’t checked all the TLDs mentioned, but just .de.And I might have turned to the wrong list - but:public_suffix_listTextdokument · 238 KBclearly does not list any public suffices for .de.Which precisely matches my current state of knowledge.Hope you can clarify.Thanks and best,-C.___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] PSL: SOA record per subdomain required?

[Carsten Schiefner via mailop]

Please ignore the below - I haven’t been aware that the list is split into two sections.And I have looked at the first one only - my apologies!Am 07.05.2023 um 23:01 schrieb Carsten Schiefner :Hi John,Am 07.05.2023 um 20:02 schrieb John Levine via mailop :[…]The same thing applies to all of these names, all in the PSL:dyn-berlin.dein-berlin.dein-brb.dein-butter.dein-dsl.dein-dsl.netin-dsl.orgin-vpn.dein-vpn.netin-vpn.orgI haven’t checked all the TLDs mentioned, but just .de.And I might have turned to the wrong list - but:public_suffix_listTextdokument · 238 KBclearly does not list any public suffices for .de.Which precisely matches my current state of knowledge.Hope you can clarify.Thanks and best,-C.___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo: SOA record per subdomain required?!

[Bill Cole via mailop]

On 2023-05-07 at 15:12:54 UTC-0400 (Sun, 7 May 2023 19:12:54 +)
Gellner, Oliver via mailop 
is rumored to have said:

While I’m not affiliated with Yahoo, I see no reason to bash them in 
this regard. To reduce spam they don’t want to accept emails from 
made-up / non-existing domains, which is a legit concern. They query 
for SOA records to verify whether a given domain exists, which is 
unusual but actually less strict than requiring additional A or MX 
records.


How so?

A SOA is unrelated to email operationally. A name MUST have either an MX 
record or an A record (does anyone do  fallback?) to work as the 
domain part of an email address. Without one of those, an address is by 
definition undeliverable. The SOA record is all administrative detail; 
the only truly critical content is the serial number and that is only 
critical to caching resolvers.


If they are limiting this to domain tails on the PSL, that at least 
limits the damage and makes some sense. People possibly harmed in that 
case can at least address the problem directly themselves.


It would be nice if Yahoo clarified what they are actually doing.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo: SOA record per subdomain required?!

[Gellner, Oliver via mailop]

> On 07.05.2023 at 18:54 Felix Fontein via mailop wrote:
>
> maybe this is related to in-berlin.de being on the Public Suffix List?
> This might explain why Yahoo treats subdomains of in-berlin.de
> differently than for subdomains of other domains (like e.mail.de
> mentioned by Ken).

To put it more technically or in mail related terms: e.mail.de belongs to the 
same organizational domain as mail.de and mail.de has a SOA record. So 
e.mail.de as its subdomain is fine. foo.in-berlin.de on the other hand does not 
belong to the same organizational domain as in-berlin.de or bar.in-berlin.de, 
if you take the private area of the PSL into account. Hence foo.in-berlin.de 
needs its own SOA record and does not inherit it from in-berlin.de or .de.

While I’m not affiliated with Yahoo, I see no reason to bash them in this 
regard. To reduce spam they don’t want to accept emails from made-up / 
non-existing domains, which is a legit concern. They query for SOA records to 
verify whether a given domain exists, which is unusual but actually less strict 
than requiring additional A or MX records.
Even without the help of Yahoo the issue can be fixed by removing in-berlin.de 
from the PSL or by not spanning a single DNS zone across unrelated domains 
which are in no trust relationship to each other.

—
BR Oliver


dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] PSL: SOA record per subdomain required?

[John Levine via mailop]

It appears that Felix Fontein via mailop  said:
>maybe this is related to in-berlin.de being on the Public Suffix List?

Bingo.  If you add your domain to the PSL, you're saying that all of its
subdomains are under different management.

In that case, it's not unreasonable to expect each of those subdomains
to be in a separate zone which of course has its own SOA.

The separate zones can all be on the same nameservers, so this is a
problem that in-berlin can fix by reorganizing the DNS on their
existing servers.

The same thing applies to all of these names, all in the PSL:

dyn-berlin.de
in-berlin.de
in-brb.de
in-butter.de
in-dsl.de
in-dsl.net
in-dsl.org
in-vpn.de
in-vpn.net
in-vpn.org

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo: SOA record per subdomain required?!

[Felix Fontein via mailop]

Hi,

maybe this is related to in-berlin.de being on the Public Suffix List?
This might explain why Yahoo treats subdomains of in-berlin.de
differently than for subdomains of other domains (like e.mail.de
mentioned by Ken).

Cheers,
Felix



On Sun, 7 May 2023 12:27:21 +0200
Carsten Schiefner via mailop  wrote:

> So, at least for the time being, it appears that the Y! universe
> handle this in a non-deterministic manner.
> 
> Lovely.
> 
> On 07.05.2023 11:57, Ken Peng via mailop wrote:
> > May 7, 2023 at 2:17 PM, "Matt Palmer via mailop"
> >  wrote:  
> >>
> >> [...]
> >>
> >> It's deliberate, and documented:
> >>
> >> https://senders.yahooinc.com/smtp-error-codes/#unresolvable-from-domain
> >>
> >>  
> > 
> > Hello
> > 
> > After my test, the subdomain e.mail.de can delivery messages to
> > yahoo.com. And, e.mail.de has no soa RR as well.
> > 
> > $ dig e.mail.de soa +short
> > 
> > gets nothing.
> > 
> > I am guessing yahoo is blocking the specified subdomains, not all.
> > 
> > As a comparision, I sent another mail from my alumni email,
> > alumni.nd.edu.
> > 
> > This is a real zone, has soa defined.
> > 
> > $ dig alumni.nd.edu soa +short
> > ns1.nd.edu. dns.nd.edu. 209 10800 3600 1209600 900
> > 
> > And the message was delivered to yahoo successfully.
> > 
> > Anyway yahoo should not reject a message only b/c its domain has no
> > SOA.
> > 
> > 
> > regards,
> > Ken Peng  
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] New to mass mailings

[Al Iverson via mailop]

Here's my Microsoft Deliverability Guide, recently updated:
https://www.spamresource.com/2023/04/isp-deliverability-guide-microsoft-olc.html

The company I work for, we provide deliverability monitoring software
and consulting services. Feel free to reach out if either interest
you. Work email: al AT kickbox.com
You can probably figure out the website from that, if you want to
check it out yourself. :)

Cheers,
Al Iversion

-- 

Al Iverson / Deliverability blogging at www.spamresource.com
Subscribe to the weekly newsletter at wombatmail.com/sr.cgi
DNS Tools at xnnd.com / (312) 725-0130 / Chicago (Central Time)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo: SOA record per subdomain required?!

[Carsten Schiefner via mailop]

So, at least for the time being, it appears that the Y! universe handle 
this in a non-deterministic manner.


Lovely.

On 07.05.2023 11:57, Ken Peng via mailop wrote:

May 7, 2023 at 2:17 PM, "Matt Palmer via mailop"  wrote:


[...]

It's deliberate, and documented:

https://senders.yahooinc.com/smtp-error-codes/#unresolvable-from-domain




Hello

After my test, the subdomain e.mail.de can delivery messages to yahoo.com.
And, e.mail.de has no soa RR as well.

$ dig e.mail.de soa +short

gets nothing.

I am guessing yahoo is blocking the specified subdomains, not all.

As a comparision, I sent another mail from my alumni email, alumni.nd.edu.

This is a real zone, has soa defined.

$ dig alumni.nd.edu soa +short
ns1.nd.edu. dns.nd.edu. 209 10800 3600 1209600 900

And the message was delivered to yahoo successfully.

Anyway yahoo should not reject a message only b/c its domain has no SOA.


regards,
Ken Peng

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo: SOA record per subdomain required?!

[Slavko via mailop]

Dňa 7. mája 2023 6:17:59 UTC používateľ Matt Palmer via mailop 
 napísal:

>It's deliberate, and documented:

Perhaps it is time to ignore yahoo's DMARC (and perhaps
DKIM) TXT records, as this "subdomain" hasn't SOA record
and then reject emails due lack of DMARC. And do not
forget check SOA on PTR domain, this can be very efficient,
as one can reject on connection, before banner is sent...

Stupid suggestions? Yes, as these records has little to do
with SOA, but it is the same policy... But when policy, then
policy :-P

It is something as my previous DNS provider required -- to
have A (not ) record for name **with** MX record (not
name from MX). I switched to another one (but there was
multiple problems)...

If it is meant as anti-spam, then they just tell: "we are not
able to filter emails properly, thus we have to investigate
some 'innovation'". Perhaps they get that as suggestion by
ChatGPT consultation...

I am really happy, that i can ignore yahoo at all ;-)

have nice day


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo: SOA record per subdomain required?!

[Ken Peng via mailop]

May 7, 2023 at 2:17 PM, "Matt Palmer via mailop"  wrote:


> 
> On Sun, May 07, 2023 at 04:48:11AM +0200, Ángel via mailop wrote:
> 
> > 
> > None of those would now be able to email yahoo accounts, apparently. I
> >  find it hard to believe that they may have added such restriction on
> >  purpose. It may be that a check inadvertently added a dependency on th
> >  domain part of the email address having a SOA record. Or even that
> >  their statement that they now require a SOA was actually wrong and your
> >  issue slightly different.
> > 
> 
> It's deliberate, and documented:
> 
> https://senders.yahooinc.com/smtp-error-codes/#unresolvable-from-domain
> 
>

Hello

After my test, the subdomain e.mail.de can delivery messages to yahoo.com.
And, e.mail.de has no soa RR as well.

$ dig e.mail.de soa +short

gets nothing.

I am guessing yahoo is blocking the specified subdomains, not all.

As a comparision, I sent another mail from my alumni email, alumni.nd.edu.

This is a real zone, has soa defined.

$ dig alumni.nd.edu soa +short
ns1.nd.edu. dns.nd.edu. 209 10800 3600 1209600 900

And the message was delivered to yahoo successfully.

Anyway yahoo should not reject a message only b/c its domain has no SOA.


regards,
Ken Peng
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SMTP disconnect… (Was: Hosteurope contact?)

[Hans-Martin Mosner via mailop]

Am 07.05.23 um 00:12 schrieb Thomas Walter via mailop:

Turns out

mx-out-02:~$ nc mx0.webpack.hosteurope.de 25
220 mx0.webpack.hosteurope.de ESMTP (mi005.mc1.hosteurope.de) (even more power) 
Sun, 07 May 2023 00:03:13 +0200
ehlo mx-out-02.fh-muenster.de
550-REJECT: 212.201.120.206 is in csi.cloudmark.com :
550-Listed as Poor Reputation Sender. Cloudmark Sender Intelligence Reputation
550 Remediation Portal https://csi.cloudmark.com/en/reset (ID:550:3:0)
mx-out-02:~$

All this trying to figure out what's going wrong, contacting support, etc. could've been avoided if they followed the 
RFC?


https://www.rfc-editor.org/rfc/rfc5321#section-4.1.1.10

4.1.1.10.  QUIT (QUIT)

   This command specifies that the receiver MUST send a "221 OK" reply,
   and then close the transmission channel.

   The receiver MUST NOT intentionally close the transmission channel
   until it receives and replies to a QUIT command (even if there was an
   error).

Or is there a new version to the standards that allows this? 


It's probably not sanctioned by the standards, but considering the aggressive push of spam mails into our systems I can 
understand when mailops reduce communication with a perceived bad sender to a minimum. However, a properly coded 
mailserver should adhere to the standards even if its operators choose to turn away SMTP clients early.


OTOH, your mail server acting as an SMTP client should handle the 550 code and at least log it, even if the other side 
behaves out of spec. Such information can be useful.


Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo: SOA record per subdomain required?!

[Matt Palmer via mailop]

On Sun, May 07, 2023 at 04:48:11AM +0200, Ángel via mailop wrote:
> None of those would now be able to email yahoo accounts, apparently. I
> find it hard to believe that they may have added such restriction on
> purpose. It may be that a check inadvertently added a dependency on th
> domain part of the email address having a SOA record. Or even that
> their statement that they now require a SOA was actually wrong and your
> issue slightly different.

It's deliberate, and documented:

https://senders.yahooinc.com/smtp-error-codes/#unresolvable-from-domain

It's also a completely unhinged policy.  But, then again, Yahoo!'s been so
deranged for so long that the boss of a job I worked at the better part of a
decade ago decided that if someone complained about not receiving our email,
he'd tell them to find another mail provider, because he was Done Putting Up
With Yahoo's Bullshit.

- Matt

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop