Re: [mailop] Is forwarding to Gmail basically dead?
On Wed, 2024-02-14 at 21:31 +0900, Byunghee HWANG (황병희) via mailop wrote: > Hellow Cyril, > > On Wed, 2024-02-14 at 11:06 +0100, Cyril - ImprovMX via mailop wrote: > > That's a good argument. I can do even better: > > > > Email is not designed for spam. Stop spamming. Problem solved. > > Yes, you are right. And I know what you're thinking. > > But please give me a chance to say this. > > Even if you catch spam emails with SPF, I think you should be able to > distinguish between legitimate emails -- this is forwarding emails. > > Isn't it? > > That's why I like Google. Google accepts forwarding emails even if > SPF/DMARC fails. Actually, i don't solve SPAM problem with SPF. So I don't use SPF. As I continued to say in previous threads, this is because forwarding is necessary. SPF causes problems in forwarding. My goal is to receive all emails from the Debian project's debian-bugs- dist mailing to my Gmail INBOX. Yes, my main goal is to contribute to the Debian project. Hence I needed forwarding technology. After all, I've found the way. That is DKIM/ARC. Thank you! Sincerely, Byunghee -- ^고맙습니다 _布德天下_ 감사합니다_^))// signature.asc Description: This is a digitally signed message part ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Is forwarding to Gmail basically dead?
Hellow Cyril, On Wed, 2024-02-14 at 11:06 +0100, Cyril - ImprovMX via mailop wrote: > That's a good argument. I can do even better: > > Email is not designed for spam. Stop spamming. Problem solved. Yes, you are right. And I know what you're thinking. But please give me a chance to say this. Even if you catch spam emails with SPF, I think you should be able to distinguish between legitimate emails -- this is forwarding emails. Isn't it? That's why I like Google. Google accepts forwarding emails even if SPF/DMARC fails. Sincerely, Byunghee ps. Your mail was my spam trap -- HTML Email. -- ^고맙습니다 _布德天下_ 감사합니다_^))// signature.asc Description: This is a digitally signed message part ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Is forwarding to Gmail basically dead?
Hellow Benny, > (...) please be open minded, you already is using opensource Thanks, usually i don't say 'No' to someone i like. In any case. I'm going to try your advice someday. Thanks again Benny! Sincerely, Byunghee -- ^고맙습니다 _布德天下_ 감사합니다_^))// signature.asc Description: This is a digitally signed message part ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Is forwarding to Gmail basically dead?
Hellow Benny, > spf is not designed for forwarding, stop forwarding, problem solved Yes, you are right! And if Google stops email service, i will also stop forwarding. Sincerely, Byunghee -- ^고맙습니다 _布德天下_ 감사합니다_^))// signature.asc Description: This is a digitally signed message part ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Is forwarding to Gmail basically dead?
Hellow Slavko, > If we will not change something, we will waste more power > in fighting, than for providing service. And IMO providing > service have to be goal... I really strongly agree with this opinion. That's why I wish people in the world didn't use SPF. SPF is a serious obstacle when forwarding. Sincerely, Byunghee -- ^고맙습니다 _布德天下_ 감사합니다_^))// signature.asc Description: This is a digitally signed message part ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Is forwarding to Gmail basically dead?
Good morning everyone, On Thu, 2024-02-08 at 13:37 +0900, Byunghee HWANG (황병희) via mailop wrote: > Hellow Jarland, > > 2-07 at 20:51 -0600, Jarland Donnell via mailop wrote: > > (...) > > Is it time to throw in the towel on email forwarding? Nearly 100% > > of > > users who forward email do so because they want it in Gmail. (...) > > How about this? > https://gitlab.com/soyeomul/stuff/-/raw/7a68692f2a6f7c5b03f7a5fa04bb79167c04cab2/82963489e8bbeb08644aeba29f722...@mxroute.com > For the record, i attach server log while forwarding... Feb 8 03:02:35 yw-1204 postfix/smtpd[38197]: connect from yw- 0919.doraji.xyz[2600:1900:4000:af49:0:3::] Feb 8 03:02:35 yw-1204 postfix/smtpd[38197]: Trusted TLS connection established from yw-0919.doraji.xyz[2600:1900:4000:af49:0:3::]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X 25519 server-signature RSA-PSS (2048 bits) client-signature RSA-PSS (2048 bits) Feb 8 03:02:36 yw-1204 postfix/smtpd[38197]: 28E65217: client=yw- 0919.doraji.xyz[2600:1900:4000:af49:0:3::] Feb 8 03:02:36 yw-1204 postfix/cleanup[38200]: 28E65217: message- id=<82963489e8bbeb08644aeba29f722...@mxroute.com> Feb 8 03:02:36 yw-1204 opendkim[647]: RFC2822.From: Jarland Donnell via mailop Feb 8 03:02:36 yw-1204 opendkim[647]: RFC2822.Reply-To: jarl...@mxroute.com Feb 8 03:02:36 yw-1204 opendkim[647]: RFC2821.MailFrom: mailop-boun...@mailop.org Feb 8 03:02:36 yw-1204 opendkim[647]: RFC2821.ORCPT: soyeomul+...@gmail.com Feb 8 03:02:36 yw-1204 opendkim[647]: RFC2822.RCVD-1: from filter006.mxroute.com ([136.175.111.2] filter006.mxroute.com)#012 (Authenticated sender: mN4UYu2MZsgR)#012 by mail-108-mta73.mxroute.com (ZoneMTA ) with ESMTPSA id 18d86a07387466.001#012 for #012 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);#012 Thu, 08 Feb 2024 02:51:18 + Feb 8 03:02:36 yw-1204 opendkim[647]: RFC5598.ADMD (Best Guess): mailop.org Feb 8 03:02:36 yw-1204 opendkim[647]: 28E65217: DKIM-Signature field added (s=yw-1204-doraji-xyz, d=doraji.xyz) Feb 8 03:02:36 yw-1204 opendkim[647]: 28E65217: DKIM-Signature field added (s=YW, d=doraji.xyz) Feb 8 03:02:36 yw-1204 postfix/qmgr[29723]: 28E65217: from=, size=5812, nrcpt=1 (queue active) Feb 8 03:02:36 yw-1204 postfix/smtpd[38197]: disconnect from yw- 0919.doraji.xyz[2600:1900:4000:af49:0:3::] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7 Feb 8 03:02:36 yw-1204 postfix/smtp[38201]: Verified TLS connection established to gmail-smtp-in.l.google.com[2a00:1450:400c:c00::1a]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exch ange X25519 server-signature ECDSA (P-256) server-digest SHA256 Feb 8 03:02:37 yw-1204 postfix/smtp[38201]: 28E65217: to=, relay=gmail-smtp- in.l.google.com[2a00:1450:400c:c00::1a]:25, delay=0.86, delays=0.26/0.02/0.32/0.27, dsn=2.0.0, status=se nt (250 2.0.0 OK 1707361357 l9-20020a05600c4f0900b0040fdd32af73si137461wmq.225 - gsmtp) Feb 8 03:02:37 yw-1204 postfix/qmgr[29723]: 28E65217: removed Forwarder's duties are: (1) Delivering to Gmail without failure. (2) Preserving the RFC2822.From header as is. So DKIM(+ARC for big ESPs) is best solution, i think. More screenshot, here: (DMARC p=REJECT email with forwarding) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043539#93 Sincerely, Byunghee -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Is forwarding to Gmail basically dead?
Hellow Jarland, 2-07 at 20:51 -0600, Jarland Donnell via mailop wrote: > (...) > Is it time to throw in the towel on email forwarding? Nearly 100% of > users who forward email do so because they want it in Gmail. (...) How about this? https://gitlab.com/soyeomul/stuff/-/raw/7a68692f2a6f7c5b03f7a5fa04bb79167c04cab2/82963489e8bbeb08644aeba29f722...@mxroute.com Sincerely, Byunghee -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] DMARC on srs forwarding domains?
Hellow Matus, On Sun, 2024-02-04 at 16:02 +0100, Matus UHLAR - fantomas via mailop wrote: > > Am 02.02.24 um 16:08 schrieb Mark E. Jeftovic via mailop: > > > We're having a bit of a theological debate internally on whether > > > to > > > implement DMARC on our SRS forwarder domains. > > On 02.02.24 16:26, Kai Bojens via mailop wrote: > > Skip SRS and implement ARC for forwarded e-mails. This should solve > > all these problems. > > Does anyone blindly trust ARC signatures from random domains? They(DKIM/ARC) are not distinguishing whether the sender is a good person or a bad person. They only verify that the sender has a legitimate passport. Instead, please use *DNSWL* to determine whether the sender is a good person or a bad person. > I find it a huge difference between DKIM signatures (I sign this mail > being > from my domain) and ARC signature (I sign that this mail was received > from > whitehouse.gov properly verified and signed). Sincerely, Byunghee -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] DMARC on srs forwarding domains?
Hellow Kai, On Fri, 2024-02-02 at 16:26 +0100, Kai Bojens via mailop wrote: > Am 02.02.24 um 16:08 schrieb Mark E. Jeftovic via mailop: > > > We're having a bit of a theological debate internally on whether to > > implement DMARC on our SRS forwarder domains. > > Skip SRS and implement ARC for forwarded e-mails. This should solve > all > these problems. I completely agree with this. And i know that several famous projects have deployed ARC (RFC 8617). Linux Kernel Project, FreeBSD Project and Postfix mailing list. Thanks! Sincerely, Byunghee -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] For the record, anyone tell me what specific Gmail email flows allows duplicate Return-Path as shown below?
Hellow Michael, On Wed, 2024-01-31 at 09:08 -0800, Michael Peddemors via mailop wrote: > X-Gm-Message-State: > AOJu0Yygtd3O5YdS/rWj45vxya0hwrYa/BjQf5JxGSCWzAx9RXR9bryH > LpU0oZbfEz95pt1aYhcAMT1+ArGYrI6GtRLuJdtIEEHgVc36TLiys7kql09B > 4icWlFB6/0HAW7R > L84tjrA== > X-Google-Smtp-Source: > AGHT+IHJ80+WwCu4hMgvckgAPlSHw5qrXfLxQgaNiEfLv7pnjJvoeHyju4z8pvBZv1ELB > kh6pusbJQ== > X-Received: by 2002:a05:6a20:52a8:b0:19c:b3db:7aed with SMTP id > o40-20020a056a2052a800b0019cb3db7aedmr3266982pzg.46.1706675336094; > Tue, 30 Jan 2024 20:28:56 -0800 (PST) > Return-Path: > > Received: from iZ4csyme2vmqlcZ ([47.236.118.246]) > by smtp.gmail.com with ESMTPSA id > g20- > 20020a62e31400b006dacfab07b6sm8690666pfh.121.2024.01.30.20.28.54 > for > (version=TLS1 cipher=ECDHE-ECDSA-AES128-SHA bits=128/128); > Tue, 30 Jan 2024 20:28:55 -0800 (PST) > Message-ID: <65b9cc87.620a0220.bdac.b...@mx.google.com> > > ... > > This appears to be a normally authenticated ESMPTSA session, but from > an > IP Address in the Alibaba cloud.. normally this would raise red flags > alone, and the IP now has been added to other AUTH restriction RBL's, > but of course headers MAY have been forged... > > But it 'looks' like a case where the first Google MTA in the chain is > adding it, even though the delivery will NOT be local. > > Anyone shed more light on these? > It is impossible to determine from the given data. Can you show us the full headers? Sincerely, Byunghee -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft Office365 not rejecting emails when instructed so by SPF recored?
Jaroslaw Rafa via mailop writes: > Dnia 26.05.2023 o godz. 13:16:39 Scott Mutter via mailop pisze: >> If you ask me - a better solution would be to do away with forwarding >> completely and incorporate POP checks, like Gmail does. This alleviates >> all of the issues with forwarding mail in relation to SPF and DKIM. > > No, because you are replacing a service that operates on a "push" principle > - which is the very basis of email - by a service that operates on a "pull" > principle. > > You don't need any active action on your part to receive email someone sends > you, even if it is forwarded. > On the contrary, you *do* require constant active checking of the POP > account you want to download mail from. If you stop checking, you won't get > the mail. If you change the password on your POP account, you need to change > it also on the downloading side etc. - a lot of actual inconveniences. > > With that way of thinking, you can get rid of email completely, and just > regularly check some website where people can write messages for you... > > And, taking into account that POP is quite outdated, many sites don't > implement it anymore and offer IMAP only. So downloading via POP won't work > anyway. > >> If forwarding mail is so important, can a better system >> for handling forwarded mail be developed? > > Since forwarding was before SPF, I would trun this question the other way: > if checking the "legitimacy" of the sending server is so important, can a > better system for handling this (that takes mail forwarding into account) be > developed? > > Myself, I don't think that SPF and other methods of checking "authenticity" > of the email are so important at all. Normal, unsigned email is an > *untrusted* method of communication *by definition*. If you want email to > be "authenticated", you should end-to-end sign it with your PGP or PKI > private key when sending. Period. > > I don't check SPF, DKIM or DMARC on incoming mail at all. Content checking > and blacklist checking is much more important in actual spam prevention than > doubtful "authenticity" checking. That's of course my opinion, you can have > a different one. Hellow Jaroslaw! Whooa, you have good insight and view. I do agree with you, and thanks! Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] why some ISP domains have no spf?
Ken Peng via mailop writes: > Hello, > > Why some huge ISPs do not even have SPF for their sending domains? > such as att.net and t-online.de. > I know they may let their users to send email from home DSL via (no-auth) > relay servers, but since the IPs (no matter relay server or home IP) are > assigned by them, it's not hard a job for them to have SPF configured. > for example, t-online's another domain: magenta.de, does have SPF setup. > > Thanks. Probably they do send mail just fine without spf, i guess. Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
