Re: [mailop] Google and Spam detection

[Marcus Hoffmann via mailop]

On 25.07.20 15:36, Bjørn Bürger via mailop wrote:
> Am 24. Juli 2020 18:03:54 MESZ schrieb Klaus Ethgen via mailop 
> :
>> I debugged with Bjørn Bürger (thanks for helping) and found out that the
>> error is "weist große Ähnlichkeit zu früheren Spam Nachrichten auf". 
> 
> I might add: This was the error message shown to the end user in Gmail. The 
> headers of that test mail where completely clean, clean SPF- and DKIM passes, 
> no blacklisted sending ip, Ipv4 delivery, etc.
> 
> Interestingly, using the 'not spam' button did not change the result for the 
> next mail. It might be safe to assume that some spam detection mechanism at 
> Google just went crazy, considering some of the other observations on this 
> list. Klaus never sent email to my account before that test, so there was 
> definitely no accidental spam-tagging involved on my side.

Did you actually manage to solve this in this case? I just got notified
that my emails to gmail also are marked as spam. The last time I
explicitly tested this (some months ago) they ended up in the inbox.
There have been no changes on my side.

I submitted a header sample and had a few people mark messages as not
spam. Let's see if it gets better at some point. No idea really what
else to try.

> 
> Bjørn
> 

Marcus

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Brandon Long via mailop]

You seem to have some very strong contrary opinions.

You can choose to believe that it's all a conspiracy that you have bravely
seen through, or choose to consider why a bunch of fairly intelligent folks
can have different opinions on these topics.

The advice you've been given is mostly correct.  I'd also recommend reading
the long thread from last Fall discussing the same issue with Jaroslaw.  He
also felt strongly that things should be different, and we can definitely
wish that it was.  It is unfortunate that the antispam fight has made
life difficult for the small operators.


I won't claim to know all the various rules and signals that Google uses,
especially as I haven't worked on the system in years now, but encryption
isn't a strong signal for spam detection.  Our desires for higher
encryption are completely orthogonal to the spam fight.

Brandon

On Sat, Jul 25, 2020, 2:54 AM Klaus Ethgen via mailop 
wrote:

> Hi Phil,
>
> many thanks for your very helpfull explanation.
>
> Just a few comments...
>
> Am Fr den 24. Jul 2020 um 20:40 schrieb Phil Pennock via mailop:
> > With a poor IP-based reputation, you need to see if you can score a
> > better domain-based reputation.  This is where DKIM comes into play:
> > once you can provably link a message to really be from a given domain,
> > then even if you don't send much mail you can benefit from stuff like
> > "not on day-old-bread domain-lists".  But having DKIM and then a DMARC
> > record does help (and I'm no fan of DMARC).
>
> I will give it a try. Even that I am no fan either. ;-)
>
> > For the mail-server's TLS: for that to count in your favor instead of
> > being a wash, I strongly suspect that it needs to be a certificate which
> > senders can verify.  For those people scoring up for "better TLS", those
> > senders using DANE will be happy with a TLSA record in DNSSEC for your
> > CACert anchor.
>
> I already implemented that. At least for my .ch domains, the .de domain
> is registered with hetzner and even that my DNS is configured to add
> DNSSEC to it, I am unable to configure the glue in hetzner GUI.
>
> Unfortunately the Lookaside Validation is not in use anymore so I have
> no way to use DNSSEC with my .de domain.
>
> > At that point, CACert is not going to cut it.  You'd need to
> > try Let's Encrypt instead.
>
> I will never, never ever use Let's Encrypt! They did destroy every left
> over of trust you could ever have in the whole CA system.
>
> The fact, that Let's Encrypt certificates are only valid for 3 months
> makes it impossible to check the cert manually every time you use that
> side. And I would not trust any CA, not Let's Encrypt, nor others.
> CACert was the only one that has earned SOME trust but giving the nature
> of the CA system that any rotten CA out there can issue a certificate
> for your domain, I can not trust the CA system at all.
>
> DNSSEC is and was the answer that could ever solve the misery but it is
> actively denied by the big players, all in front mozilla with firefox
> making it even impossible for the tlsa check addon to still work. It
> would in fact helps a lot if browsers would start using DNSSEC but I
> think, mozilla (and the others) have high interest that this secure
> solution will die. It would be the death of all that rotten CAs out
> there.
>
> By the way, you not only find TLSA record for my mail server than also
> for my web addresses.
>
> Finally, yea, I could install that tool to issue a new cert every month
> with Let's Encrypt. But I don't like to give that company the control
> over my working system.
>
> So, no, I will never, never ever use Let's Encrypt at all!
>
> >+ avoid `-all` at the end because with the sole exception of "this
> >  domain never sends email" records, it tends to be a sign of
> >  over-enthusiasm and counts slightly against you;
>
> That is something that I do not understand. This is the only
> legitimisation of SPF to have a -all at the end. Otherwise SPF has no
> use at all.
>
> >+ remember to have an SPF record for your HELO hostname, because when
> >  you send a "bounce" rejection, this is the thing which will be
> >  looked up (since there's no domain in `<>`).
>
> A good measurement is to never send bounces out of your system. If you
> would need to send bounces, don't accept the mail in the begin.
>
> Every bouncing could be misused for bacscatters. And I seen a lot of
> that shit.
>
> >  * Seeing if you can get your IP onto one of the open DNS-based
> >allow-lists (also called "whitelists" but some folks are moving away
> >from that term), such as  or Spamhaus's SWL.
>
> Side note, I use the marketing tags there on the whitelist as blacklist.
> I will never accept marketing mails so it is a pretty good measurement.
>header RCVD_IN_DNSWL_SPAM
> eval:check_rbl_sub('dnswl-firsttrusted', '^127\.0\.15\.\d+')
>describe   RCVD_IN_DNSWL_SPAM  Selftagged Marketing mailer
>score

Re: [mailop] Google and Spam detection

[John Levine via mailop]

In article <3961693e-e24a-576c-fb09-cbd1ad610...@backschues.de> you write:
>Am 25.07.20 um 04:07 schrieb John Levine via mailop:
>
>> Gmail has repeatedly said that they do not accept unauthenticated mail
>> on IPv6.
>
>Sorry, but I can not confirm this.
>
>I've 16x IPv6 MXs that are working fine with Gmail w/o authentication.

For this purpose, SPF counts as authentication.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Jörg Backschues via mailop]

Am 25.07.20 um 04:07 schrieb John Levine via mailop:


Gmail has repeatedly said that they do not accept unauthenticated mail
on IPv6.


Sorry, but I can not confirm this.

I've 16x IPv6 MXs that are working fine with Gmail w/o authentication.

--
Regards
Jörg Backschues

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Jaroslaw Rafa via mailop]

Dnia 24.07.2020 o godz. 17:03:54 Klaus Ethgen via mailop pisze:
> 
> And I am afraid that there is nothing I can do to solve that. :-(

I have sent a few suggestions what you can try.
I was in a very similar situation to yours twice and it got solved somehow
(although I still don't know how exactly).
First, setup DKIM and DMARC. Really, you have to do it if you have issues
with Gmail.
Second, send headers of a message mis-classified as spam to Google via their
contact form.
Third, try to contact Brandon, who is on this list.
You can try to register your IP and domain at dnswl.org, although I'm not
sure if Google uses that.
And be patient and wait until the issue is eventually cleared...
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[John R Levine via mailop]

Gmail has repeatedly said that they do not accept unauthenticated mail on IPv6.


And with very good reason. Consider that you can very easily have a dedicated 
IP address for every email message you will ever send :-)


Of course.  Doesn't everyone do that?

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Sam Tuke via mailop]

Thanks Phil for your very useful summary.

On 24/07/2020 21:40, Phil Pennock via mailop wrote:
> If you don't send much email, then the only IP-based reputation
> which Google can assess you on is the reputation of your
> address-block
Is there any reputation checking service for address blocks (as opposed to 
individual IPs)? E.g. something like Reputation Authority.

Sam.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Klaus Ethgen via mailop]

Hi Phil,

many thanks for your very helpfull explanation.

Just a few comments...

Am Fr den 24. Jul 2020 um 20:40 schrieb Phil Pennock via mailop:
> With a poor IP-based reputation, you need to see if you can score a
> better domain-based reputation.  This is where DKIM comes into play:
> once you can provably link a message to really be from a given domain,
> then even if you don't send much mail you can benefit from stuff like
> "not on day-old-bread domain-lists".  But having DKIM and then a DMARC
> record does help (and I'm no fan of DMARC).

I will give it a try. Even that I am no fan either. ;-)

> For the mail-server's TLS: for that to count in your favor instead of
> being a wash, I strongly suspect that it needs to be a certificate which
> senders can verify.  For those people scoring up for "better TLS", those
> senders using DANE will be happy with a TLSA record in DNSSEC for your
> CACert anchor.

I already implemented that. At least for my .ch domains, the .de domain
is registered with hetzner and even that my DNS is configured to add
DNSSEC to it, I am unable to configure the glue in hetzner GUI.

Unfortunately the Lookaside Validation is not in use anymore so I have
no way to use DNSSEC with my .de domain.

> At that point, CACert is not going to cut it.  You'd need to
> try Let's Encrypt instead.

I will never, never ever use Let's Encrypt! They did destroy every left
over of trust you could ever have in the whole CA system.

The fact, that Let's Encrypt certificates are only valid for 3 months
makes it impossible to check the cert manually every time you use that
side. And I would not trust any CA, not Let's Encrypt, nor others.
CACert was the only one that has earned SOME trust but giving the nature
of the CA system that any rotten CA out there can issue a certificate
for your domain, I can not trust the CA system at all.

DNSSEC is and was the answer that could ever solve the misery but it is
actively denied by the big players, all in front mozilla with firefox
making it even impossible for the tlsa check addon to still work. It
would in fact helps a lot if browsers would start using DNSSEC but I
think, mozilla (and the others) have high interest that this secure
solution will die. It would be the death of all that rotten CAs out
there.

By the way, you not only find TLSA record for my mail server than also
for my web addresses.

Finally, yea, I could install that tool to issue a new cert every month
with Let's Encrypt. But I don't like to give that company the control
over my working system.

So, no, I will never, never ever use Let's Encrypt at all!

>+ avoid `-all` at the end because with the sole exception of "this
>  domain never sends email" records, it tends to be a sign of
>  over-enthusiasm and counts slightly against you;

That is something that I do not understand. This is the only
legitimisation of SPF to have a -all at the end. Otherwise SPF has no
use at all.

>+ remember to have an SPF record for your HELO hostname, because when
>  you send a "bounce" rejection, this is the thing which will be
>  looked up (since there's no domain in `<>`).

A good measurement is to never send bounces out of your system. If you
would need to send bounces, don't accept the mail in the begin.

Every bouncing could be misused for bacscatters. And I seen a lot of
that shit.

>  * Seeing if you can get your IP onto one of the open DNS-based
>allow-lists (also called "whitelists" but some folks are moving away
>from that term), such as  or Spamhaus's SWL.

Side note, I use the marketing tags there on the whitelist as blacklist.
I will never accept marketing mails so it is a pretty good measurement.
   header RCVD_IN_DNSWL_SPAM  
eval:check_rbl_sub('dnswl-firsttrusted', '^127\.0\.15\.\d+')
   describe   RCVD_IN_DNSWL_SPAM  Selftagged Marketing mailer
   score  RCVD_IN_DNSWL_SPAM  10.00

>  * If your communications base includes people using OpenPGP with email,
>then set up WKD to publish PGP keys for your domain too.  This is
>just a fixed schema for laying out keys for HTTPS retrieval.

There is a different system to have the cert in DNS (secured with
DNSSEC):
   host -t cert 4iwmtum663r8xnewtn7ugkdixws1d1n8._pka.ethgen.ch

>  * The moment you start specifying "must be TLS-secured" it's worth
>adding CAA records into DNS, so that CAs which are broadly trusted
>will refuse to issue for your domain unless you list them.

That CAA record is broken from the begin and idiotic measurement at all.
If you don't implement DNSSEC, you cannot trust it and if you DO
implement DNSSEC, there is no need for it, just use TLSA.

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature

Re: [mailop] Google and Spam detection

[Luis E. Muñoz via mailop]

On 24 Jul 2020, at 19:07, John Levine via mailop wrote:

Gmail has repeatedly said that they do not accept unauthenticated mail 
on IPv6.


And with very good reason. Consider that you can very easily have a 
dedicated IP address for every email message you will ever send :-)


Best regards

-lem

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Michael Rathbun via mailop]

On Fri, 24 Jul 2020 18:45:19 +0200, Ralph Seichter via mailop
 wrote:

>So please, give us Hetzner customers a break if we're doing things The
>Right Way(TM).

I don't block the list of Hetzner prefixes I have amassed, because the
individual senders do it for me.  100% of all Hetzner IP traffic logged since
1-Jan-'20 has eventuated in delivery to a "sudden death" spamtrap, which
causes a 24-hour refusal (to begin with -- it doubles every time a hit
occurs).  A couple of them got up to 16 days before they eventually gave up.

mdr
-- 
  No one ever blew up a mosque, church, or abortion clinic 
  after yelling, "I could be wrong!"
  Frank Schaeffer


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Carl Byington via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Fri, 2020-07-24 at 22:08 -0400, John Levine via mailop wrote:
> Depends whether you consider Comcast to be big. They sure have a lot
> of customers.

If five-ten-sg.com wants to deliver to comcast.net, my publishing tlsa
records for _25._tcp.mail3.five-ten-sg.com probably won't affect whether
comcast accepts my mail.

I can look at their _25._tcp.mx1.comcast.net tlsa record when deciding
whether the TLS connection to their mail server meets my outgoing
standards.

They can look at my _25._tcp.mail3.five-ten-sg.com tlsa record when
sending mail to me, but again, that won't affect my deliverability to
them.


-BEGIN PGP SIGNATURE-

iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXxuhlhUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsFmAACbBc2KnHl/hl4usFRhJ5HvaE8+fBQA
ni76KWPMAI+7OVLa1ajyw8d1KWQo
=lvON
-END PGP SIGNATURE-



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[John Levine via mailop]

In article <20200724230322.ga531...@fullerene.field.pennock-tech.net> you write:
>On 2020-07-24 at 15:29 -0700, Luis E. Muñoz wrote:
>> I would push DANE a bit up in the list. DNSSEC can be a drag to some, but it
>> is really the way to go in terms of decentralization of encryption. It is
>> also a good practice.
>
>Absolutely, but the context here was sending to Gmail, who don't (as far
>as we on the outside know) implement DNSSEC verification or DANE.  So I
>moved it down the list.
>
>The big webmail providers don't do DANE, so for "how to deliver to
>them", DANE stays lower on the list. 

Depends whether you consider Comcast to be big. They sure have a lot
of customers.

-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[John Levine via mailop]

In article <83ee71f6-7b9c-4efb-e101-f28705a6c...@elementality.org>,
G. Miliotis via mailop  wrote:
>> I see no difference in IPv4 vs IPv6. You do need to have rDNS properly 
>> setup and we use SPF and DKIM, no DMARC. IPs from a cloud provider to 
>> boot. Good deliverability.
>>
>When I tried IPV6 from Hetzner some time ago, gmail dropped everything 
>outright until I set up DKIM.

Gmail has repeatedly said that they do not accept unauthenticated mail
on IPv6.

-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[John Levine via mailop]

In article <0316fd32-617a-e4a2-9a70-72571dd37...@elementality.org> you write:
>
>On 24/7/2020 7:13 μ.μ., John Levine via mailop wrote:
>> In article <20200724160354.gg9...@ikki.ethgen.ch> you write:
>>> I think it might happen that in past hetzner (my hosting provider) ...
>> Oh, there's your problem. Hetzner's network spews garbage. I don't
>> accept any mail from it at all.
>
>That's up to you. I guess this email would never reach any of your 
>users, then.

Probably not. I log all the mail I decline, and for your network block
136.243/16, everything it's sent to my network in the past year has
been spam, mostly sent to addresses on ancient spam lists. With those
odds, I'm not too worried about it.

There are other VPS providers that do a lot better job, but first
they have to care.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Al Iverson via mailop]

Thanks for this. I'm going to link to it from Spam Resource.

Cheers,
Al Iverson

On Fri, Jul 24, 2020 at 4:40 PM Phil Pennock via mailop
 wrote:
>
> On 2020-07-24 at 15:40 -0400, Phil Pennock via mailop wrote:
> [ snip lots ]
>
> I was asked by someone with a link to a mailing-list archive entry to
> turn this into a blog-post which could be cited, so I've done so; there
> are some additions of RFC and website cross-references which might make
> it easier to act upon.
>
> 
>
> -Phil
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



-- 
Al Iverson // Wombatmail // Chicago
Song a day! https://www.wombatmail.com
Deliverability! https://spamresource.com
And DNS Tools too! https://xnnd.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Bjoern Franke via mailop]

Hi,



Recently, I heard often that my mails to friends on gmail ended up in
spam.




Recently I moved my domain to a VPS at Netcup and all reputation at 
Google seem to be broken.
Last week I sent a G-Suite user a cancellation of an appointment - which 
was discussed before via mail - and the person missed the cancellation 
because it had "similarities with former spam mails".
I've sent a testmail now to my own gmail account, it ended up in spam 
due to "similarities with former spam mails" - with SPF, DKIM and DMARC 
passed.


I'm getting the impression as a "self hosting"-user you have to check 
the MX of every user you are mailing to - just in case he/she uses 
Google you have to tell him/her on other channels to check the spam 
folder or a self fullfilling "similarities with former spam mails" 
prophecy is created.


Regards
Bjoern

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Phil Pennock via mailop]

On 2020-07-24 at 15:29 -0700, Luis E. Muñoz wrote:
> I would push DANE a bit up in the list. DNSSEC can be a drag to some, but it
> is really the way to go in terms of decentralization of encryption. It is
> also a good practice.

Absolutely, but the context here was sending to Gmail, who don't (as far
as we on the outside know) implement DNSSEC verification or DANE.  So I
moved it down the list.

The big webmail providers don't do DANE, so for "how to deliver to
them", DANE stays lower on the list.  For Best Current Practices which
focus more on "how to be compliant with current changes in privacy
legislation in the EU", then yes DANE moves up the list.  Folks really
should do that.

For clarity: none of the 14 (!!!) points in the main deliverability list
are optional, if you care about your outbound mail being delivered.

> You may find this helpful
> 
> https://esmtp.email/tools/mta-sts/

Ooh, thanks.  I'll update the blog-post with a link.

-Phil

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Luis E. Muñoz via mailop]

I would push DANE a bit up in the list. DNSSEC can be a drag to some, 
but it is really the way to go in terms of decentralization of 
encryption. It is also a good practice.


On 24 Jul 2020, at 12:40, Phil Pennock via mailop wrote:


 * MTA-STS webserver with HTTPS from the same CA, and the relevant
   MTA-STS txt file in place; add the DNS record when it's up and 
happy.


You may find this helpful

https://esmtp.email/tools/mta-sts/

Best regards

-lem

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Phil Pennock via mailop]

On 2020-07-24 at 15:40 -0400, Phil Pennock via mailop wrote:
[ snip lots ]

I was asked by someone with a link to a mailing-list archive entry to
turn this into a blog-post which could be cited, so I've done so; there
are some additions of RFC and website cross-references which might make
it easier to act upon.



-Phil

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Phil Pennock via mailop]

On 2020-07-24 at 09:54 +0100, Klaus Ethgen via mailop wrote:
> As my mails are always plain text, signed by PGP and coming from a mail
> server that I can assure is never sending spam or even high amount of
> mails, that is not in any blacklist, I wonder, what makes it google to
> believe that my mails should be in spam? (On the other side, the left
> clear spams sent by amavis, mailchimp or others in the inbox.)
> 
> Is there any I can do to prevent google to hide the mails from my
> friends?
> 
> Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
> encryption (with a cacert certificate) but I didn't implement DKIM as I
> see no use for it.

There's a PDF from Google from 2006 which is still worth reading:
  https://research.google.com/pubs/archive/45.pdf

If you don't send much email, then the only IP-based reputation which
Google can assess you on is the reputation of your address-block, so
being in a "troublesome" hosting provider will score heavily against
you.  At that point, if not moving away, you need to try to balance out
that negative score with enough positives that any of the large
providers using reputation scoring will accept the mail.

Working forward-and-reverse paired DNS is even more important for IPv6
than for IPv4; for better or worse, some of the large providers have
decided that exemptions in old standards for old behavior should not
apply when folks deploy standards which are far newer.  So you
absolutely need an MX, not just relying upon address-records.

With a poor IP-based reputation, you need to see if you can score a
better domain-based reputation.  This is where DKIM comes into play:
once you can provably link a message to really be from a given domain,
then even if you don't send much mail you can benefit from stuff like
"not on day-old-bread domain-lists".  But having DKIM and then a DMARC
record does help (and I'm no fan of DMARC).

For the mail-server's TLS: for that to count in your favor instead of
being a wash, I strongly suspect that it needs to be a certificate which
senders can verify.  For those people scoring up for "better TLS", those
senders using DANE will be happy with a TLSA record in DNSSEC for your
CACert anchor.  But the large webmail providers are Resistant to having
to deploy DNSSEC verification, so instead have pushed out an alternative
called MTA-STS.  With MTA-STS, you're tied into "whichever subset of CAs
all the large senders you care about will trust", and then using that CA
for the certificates both for the mta-sts webserver and for your
mail-server.  Note that you don't need to implement the client logic for
MTA-STS (and I think it's antithetical to an open federated platform)
but do need to just publish the static information for those senders who
do use it. At that point, CACert is not going to cut it.  You'd need to
try Let's Encrypt instead.

The ongoing natural tendency from larger providers is to favor
supporting what the majority of their users want the majority of the
time.  With so many people using larger providers, they naturally tilt
towards stuff which works with the larger senders, and requiring more
hoops.  Those additional hoops create more work for smaller providers
and self-hosters doing thing manually.

We need better automation tools around all of this.  The below will make
it clearer why.

So, here is my current understanding of the best current practices here,
in reality not IETF idealism.  This includes making mandatory stuff
which some folks insist must be optional, because realistically to send
to some large providers it's not optional.  This list includes features
to make you compatible with ongoing trends in the EU (particularly
Germany) to strongly disfavor allowing cleartext SMTP.

This assumes that you are _not_ a large sender who should also be
setting up feedback loops, learning how to "warm" IPs, considering BIMI,
postmaster tooling domain verification, etc.

 * reverse DNS with matching forward DNS; the name used should not
   pattern-match anything generic and ideally would include a DNS label
   of `mail` or `mx` or the like in it.
 * MX record, always.
 * accurate SPF;
   + ideally not too broad;
   + avoid `-all` at the end because with the sole exception of "this
 domain never sends email" records, it tends to be a sign of
 over-enthusiasm and counts slightly against you;
   + remember to have an SPF record for your HELO hostname, because when
 you send a "bounce" rejection, this is the thing which will be
 looked up (since there's no domain in `<>`).
 * DKIM set up, RSA2048 key, with a selector.  Note that for various
   good reasons you should design this to be something you routinely
   rotate.  Some folks use yearly, some monthly; I rotate every three
   months.
 * DMARC record, but for domains which humans send from _don't_ use
   quarantine or reject; do consider setting up a receiver for reports,
   just so you can see how much of a privacy breach DMARC reporting 

Re: [mailop] Google and Spam detection

[Anne P. Mitchell, Esq. via mailop]

Also, starting in this past week, Google (must have) changed their 
spam-detecting algorithm, as we are seeing that suddenly fully 50% of any day's 
load in the spam folder are false positives (i.e. has actually been legitimate 
email, even email that has a months - or even years - long history of being 
delivered to the inbox previously), and where prior to this week (and again, 
for months and years) there was typically maybe a 3%-5% false positive in the 
spam folder - it jumped to 50% overnight, several days ago.  Maybe not for 
everyone, but we've heard this from several others.

All of this to say that all of the advice in this thread (especially DKIM, SPF, 
and ipv4) is good advice, but you still may see problems until Google does a 
correction (assuming they do).

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Al Iverson via mailop]

You're overthinking it. Create a 2048-bit RSA key pair (support for a
longer key is not clear at this time).

How to fit the public key into DNS when it's longer than 255 chars? Here's how:
https://serverfault.com/questions/255580/how-do-i-enter-a-strong-long-dkim-key-into-dns
Very commonly done. Here's an example:
https://xnnd.com/dns.cgi?s=10dkim1=s10.exacttarget.com=dkim

If you struggle with 2048-bit, you could go down to 1024-bit, which
will fit into 255 bytes. Is probably OK if you rotate the key
regularly.

Regards,
Al Iverson

On Fri, Jul 24, 2020 at 11:03 AM Klaus Ethgen via mailop
 wrote:
>
> Hi,
>
> Am Fr den 24. Jul 2020 um 14:20 schrieb Faisal Misle via mailop:
> > I also strongly recommend you start signing with DKIM. You may not have had 
> > a use for it, but now you do.
>
> I did it now and fallen in all misstakes one could do.
> - First I tried out a ed25519 key. That worked very fast but it seems to
>   be not that wide supported.
> - Well fine, lets create a RSA 4096. But why the hell is my Bind
>   stopping to resolve the zone!? It seems that it is not possible to
>   create lines longer than 255 bytes. You have to concate them with
>   spaces in between. Well, how good that bind does write that good log
>   messages. (NONE!!!)
>
> GRML
>
> Regards
>Klaus
> --
> Klaus Ethgen   http://www.ethgen.ch/
> pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
> Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



-- 
Al Iverson // Wombatmail // Chicago
Song a day! https://www.wombatmail.com
Deliverability! https://spamresource.com
And DNS Tools too! https://xnnd.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[G. Miliotis via mailop]

On 24/7/2020 8:12 μ.μ., Luis E. Muñoz via mailop wrote:



On 24 Jul 2020, at 7:48, Jaroslaw Rafa via mailop wrote:

Not true, I was (and am) always delivering mail via IPv4 and had 
mentioned
problems (and also other people whose complaints I have read don't 
use IPv6

as well).


I see no difference in IPv4 vs IPv6. You do need to have rDNS properly 
setup and we use SPF and DKIM, no DMARC. IPs from a cloud provider to 
boot. Good deliverability.


When I tried IPV6 from Hetzner some time ago, gmail dropped everything 
outright until I set up DKIM.


--GM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Luis E. Muñoz via mailop]

On 24 Jul 2020, at 7:48, Jaroslaw Rafa via mailop wrote:

Not true, I was (and am) always delivering mail via IPv4 and had 
mentioned
problems (and also other people whose complaints I have read don't use 
IPv6

as well).


I see no difference in IPv4 vs IPv6. You do need to have rDNS properly 
setup and we use SPF and DKIM, no DMARC. IPs from a cloud provider to 
boot. Good deliverability.


Best regards

-lem

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[G. Miliotis via mailop]

On 24/7/2020 7:13 μ.μ., John Levine via mailop wrote:

In article <20200724160354.gg9...@ikki.ethgen.ch> you write:

I think it might happen that in past hetzner (my hosting provider) ...

Oh, there's your problem. Hetzner's network spews garbage. I don't
accept any mail from it at all.



That's up to you. I guess this email would never reach any of your 
users, then.


Soon it will become less and less effective to block providers, you see 
the rising spam volumes from all providers, including the big boys. The 
whole argument seems to me to be a Hetzner netblock issue for the OP. I 
faced the same issue, adding dkim/dmarc helped.



--GM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Eric Tykwinski via mailop]

> 
> Oh, there's your problem. Hetzner's network spews garbage. I don't
> accept any mail from it at all.

I'm willing to bet that almost all large cheaper providers have issues, at 
least from what I've seen myself.  This nice tool was just on the FrontPage of 
Hacker News: https://github.com/freeCodeCamp/mail-for-good/tree/heroku/stable, 
so I'm expecting a new wave of spam from AWS probably shortly.
Sadly, when people try to do good, it usually gets followed by bad actors 
sooner than later.

> R's,
> John

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Thomas Walter via mailop]

Hi,

On 24.07.20 18:09, Marcel Becker via mailop wrote:
> Not saying that it's the case here (what do I know about Google's spam
> filters or your friends...) but sometimes the cause for this is on the
> receiving end and quite low tech. Ie: We have quite a few cases where
> users mark mail from uncle Bob as spam and then complain that mail from
> uncle Bob is in the spam folder. 
oh how I loathe the more or less daily abuse messages from Microsoft's
mail services that are perfectly reasonable e-mails from students or staff.

Users either don't understand what it means if they mark an email as
spam or they don't understand the difference between trash and junk -
which can be a language / translation issue...

And they are always really happy when I contact them and tell them
everything about the full mail content that got forwarded to abuse.

If you ask people about Spam, a lot of them will tell you it is
"annoying email they don't want to think about", not bulk unsolicited
messages for the purposes of advertising, phishing, malware, etc.

Regards,
Thomas Walter

-- 
Thomas Walter
Datenverarbeitungszentrale

FH Münster
- University of Applied Sciences -
Corrensstr. 25, Raum B 112
48149 Münster

Tel: +49 251 83 64 908
Fax: +49 251 83 64 910
www.fh-muenster.de/dvz/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Alan Hodgson via mailop]

On Fri, 2020-07-24 at 12:13 -0400, John Levine via mailop wrote:
> In article <20200724160354.gg9...@ikki.ethgen.ch> you write:
> > I think it might happen that in past hetzner (my hosting provider) ...
> 
> Oh, there's your problem. Hetzner's network spews garbage. I don'taccept any
> mail from it at all.

Yeah. And unfortunately it seems every VPS and self-hosting provider is in
pretty much the same boat for mail delivery nowadays. Too much abuse.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[John Levine via mailop]

In article <20200724160354.gg9...@ikki.ethgen.ch> you write:
>I think it might happen that in past hetzner (my hosting provider) ...

Oh, there's your problem. Hetzner's network spews garbage. I don't
accept any mail from it at all.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Marcel Becker via mailop]

On Fri, Jul 24, 2020 at 2:02 AM Klaus Ethgen via mailop 
wrote:

> Recently, I heard often that my mails to friends on gmail ended up in
> spam.
>
>
Not saying that it's the case here (what do I know about Google's spam
filters or your friends...) but sometimes the cause for this is on the
receiving end and quite low tech. Ie: We have quite a few cases where users
mark mail from uncle Bob as spam and then complain that mail from uncle Bob
is in the spam folder.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Klaus Ethgen via mailop]

Am Fr den 24. Jul 2020 um 15:51 schrieb Michael Peddemors via mailop:
> We have found that the FIRST thing you need to do is put a sane SPF record
> in place for IPv4 traffic.. This has resolved the issue for most of the
> cases we have seen for clients.

Not the issue. The SPF is fully correct.

I debugged with Bjørn Bürger (thanks for helping) and found out that the
error is "weist große Ähnlichkeit zu früheren Spam Nachrichten auf". As
I never sent spam at all, it seems that this google crap is a self
fullfilling oracle.

I think it might happen that in past hetzner (my hosting provider) was
in some blacklist. That might have been a reason for past mails to end
in spam folder. Now. as how stupid is the most of gmail users (present
excluded), I think that they just read the mail in the spam folder and
did delete them or just kept them there. As the result, now all new
mails end in spam too.

And I am afraid that there is nothing I can do to solve that. :-(

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Klaus Ethgen via mailop]

Hi,

Am Fr den 24. Jul 2020 um 14:20 schrieb Faisal Misle via mailop:
> I also strongly recommend you start signing with DKIM. You may not have had a 
> use for it, but now you do.

I did it now and fallen in all misstakes one could do.
- First I tried out a ed25519 key. That worked very fast but it seems to
  be not that wide supported.
- Well fine, lets create a RSA 4096. But why the hell is my Bind
  stopping to resolve the zone!? It seems that it is not possible to
  create lines longer than 255 bytes. You have to concate them with
  spaces in between. Well, how good that bind does write that good log
  messages. (NONE!!!)

GRML

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Klaus Ethgen via mailop]

Am Fr den 24. Jul 2020 um 15:34 schrieb Thomas Hochstein via mailop:
> In my experience, most problems concerning mail delivery
> to Google disappear as soon as you deliver mail over ipv4
> (instead of ipv6).

I knew about that issue. But my mail server is still IPv4 only so no
issue for me.

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Jaroslaw Rafa via mailop]

Dnia 24.07.2020 o godz. 16:34:51 Thomas Hochstein via mailop pisze:
> 
> In my experience, most problems concerning mail delivery
> to Google disappear as soon as you deliver mail over ipv4
> (instead of ipv6).

Not true, I was (and am) always delivering mail via IPv4 and had mentioned
problems (and also other people whose complaints I have read don't use IPv6
as well).
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Michael Peddemors via mailop]

This thread pops up every couple months.

We have found that the FIRST thing you need to do is put a sane SPF 
record in place for IPv4 traffic.. This has resolved the issue for most 
of the cases we have seen for clients.




On 2020-07-24 7:44 a.m., Al Iverson via mailop wrote:

This is all good advice, primarily, try IPv4 + DKIM.
The contact process for Gmail is this form:
https://support.google.com/mail/contact/bulk_send_new
Though it is geared toward bulk senders, it might be worth trying.

Also, encourage your friends to provide feedback to Gmail by clicking
on "not spam."
This feedback is used by Gmail to tune their filters.

And though I agree that this does not scale, any friend could choose
to whitelist your emails inside of Gmail by creating a filter to match
your from address and then choosing "never send to spam." I know it's
not great or fair, but this does work.

Cheers,
Al Iverson

On Fri, Jul 24, 2020 at 8:25 AM Faisal Misle via mailop
 wrote:


I also strongly recommend you start signing with DKIM. You may not have had a 
use for it, but now you do.

Best,
Faisal

PGP Key: C8FD029B


On Fri, Jul 24, 2020 at 4:45 AM, Andrew C Aitchison via mailop 
 wrote:

On Fri, 24 Jul 2020, Klaus Ethgen via mailop wrote:


Hi folks,

Recently, I heard often that my mails to friends on gmail ended up in
spam.

As my mails are always plain text, signed by PGP and coming from a mail
server that I can assure is never sending spam or even high amount of
mails, that is not in any blacklist, I wonder, what makes it google to
believe that my mails should be in spam? (On the other side, the left
clear spams sent by amavis, mailchimp or others in the inbox.)


Plain text and low volumes of mail may count *against* you.


Is there any I can do to prevent google to hide the mails from my
friends?

Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
encryption (with a cacert certificate) but I didn't implement DKIM as I
see no use for it.


I suggest you add an appropriate DMARC record(s) to declare your
SPF and DKIM policies.


I do mails for long time now but it is a mystery for me what google is
doing wrong here. As a private person with low traffic mail server I
also have not the power to negotiate this with google.

Regards
Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C



--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop








--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Al Iverson via mailop]

This is all good advice, primarily, try IPv4 + DKIM.
The contact process for Gmail is this form:
https://support.google.com/mail/contact/bulk_send_new
Though it is geared toward bulk senders, it might be worth trying.

Also, encourage your friends to provide feedback to Gmail by clicking
on "not spam."
This feedback is used by Gmail to tune their filters.

And though I agree that this does not scale, any friend could choose
to whitelist your emails inside of Gmail by creating a filter to match
your from address and then choosing "never send to spam." I know it's
not great or fair, but this does work.

Cheers,
Al Iverson

On Fri, Jul 24, 2020 at 8:25 AM Faisal Misle via mailop
 wrote:
>
> I also strongly recommend you start signing with DKIM. You may not have had a 
> use for it, but now you do.
>
> Best,
> Faisal
>
> PGP Key: C8FD029B
>
>
> On Fri, Jul 24, 2020 at 4:45 AM, Andrew C Aitchison via mailop 
>  wrote:
>
> On Fri, 24 Jul 2020, Klaus Ethgen via mailop wrote:
>
> > Hi folks,
> >
> > Recently, I heard often that my mails to friends on gmail ended up in
> > spam.
> >
> > As my mails are always plain text, signed by PGP and coming from a mail
> > server that I can assure is never sending spam or even high amount of
> > mails, that is not in any blacklist, I wonder, what makes it google to
> > believe that my mails should be in spam? (On the other side, the left
> > clear spams sent by amavis, mailchimp or others in the inbox.)
>
> Plain text and low volumes of mail may count *against* you.
>
> > Is there any I can do to prevent google to hide the mails from my
> > friends?
> >
> > Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
> > encryption (with a cacert certificate) but I didn't implement DKIM as I
> > see no use for it.
>
> I suggest you add an appropriate DMARC record(s) to declare your
> SPF and DKIM policies.
>
> > I do mails for long time now but it is a mystery for me what google is
> > doing wrong here. As a private person with low traffic mail server I
> > also have not the power to negotiate this with google.
> >
> > Regards
> > Klaus
> > --
> > Klaus Ethgen http://www.ethgen.ch/
> > pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen 
> > Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
> >
>
> --
> Andrew C. Aitchison Kendal, UK
> and...@aitchison.me.uk
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



-- 
Al Iverson // Wombatmail // Chicago
Song a day! https://www.wombatmail.com
Deliverability! https://spamresource.com
And DNS Tools too! https://xnnd.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Thomas Hochstein via mailop]

Am 2020-07-24 10:54 Klaus Ethgen via mailop wrote:


Recently, I heard often that my mails to friends on gmail
ended up in spam.


[...]


Is there any I can do to prevent google to hide the mails
from my friends?


In my experience, most problems concerning mail delivery
to Google disappear as soon as you deliver mail over ipv4
(instead of ipv6).

See

(German language only).

-thh

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Faisal Misle via mailop]

I also strongly recommend you start signing with DKIM. You may not have had a 
use for it, but now you do.

Best,
Faisal

PGP Key: [C8FD029B](https://pgp.faisal.ec/)

On Fri, Jul 24, 2020 at 4:45 AM, Andrew C Aitchison via mailop 
 wrote:

> On Fri, 24 Jul 2020, Klaus Ethgen via mailop wrote:
>
>> Hi folks,
>>
>> Recently, I heard often that my mails to friends on gmail ended up in
>> spam.
>>
>> As my mails are always plain text, signed by PGP and coming from a mail
>> server that I can assure is never sending spam or even high amount of
>> mails, that is not in any blacklist, I wonder, what makes it google to
>> believe that my mails should be in spam? (On the other side, the left
>> clear spams sent by amavis, mailchimp or others in the inbox.)
>
> Plain text and low volumes of mail may count *against* you.
>
>> Is there any I can do to prevent google to hide the mails from my
>> friends?
>>
>> Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
>> encryption (with a cacert certificate) but I didn't implement DKIM as I
>> see no use for it.
>
> I suggest you add an appropriate DMARC record(s) to declare your
> SPF and DKIM policies.
>
>> I do mails for long time now but it is a mystery for me what google is
>> doing wrong here. As a private person with low traffic mail server I
>> also have not the power to negotiate this with google.
>>
>> Regards
>> Klaus
>> --
>> Klaus Ethgen http://www.ethgen.ch/
>> pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen 
>> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
>>
>
> --
> Andrew C. Aitchison Kendal, UK
> and...@aitchison.me.uk
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Jaroslaw Rafa via mailop]

Dnia 24.07.2020 o godz. 09:54:55 Klaus Ethgen via mailop pisze:
> 
> Recently, I heard often that my mails to friends on gmail ended up in
> spam.
> 
> As my mails are always plain text, signed by PGP and coming from a mail
> server that I can assure is never sending spam or even high amount of
> mails, that is not in any blacklist, I wonder, what makes it google to
> believe that my mails should be in spam? (On the other side, the left
> clear spams sent by amavis, mailchimp or others in the inbox.)
[...]
> I do mails for long time now but it is a mystery for me what google is
> doing wrong here. As a private person with low traffic mail server I
> also have not the power to negotiate this with google.

Welcome to the club :(

I experienced this two times in the last year. Many people also wrote here
and on Google forums that they experience the same.

I suppose that they created an AI engine to filter spam that grew too big
and became quite uncontrollable. Even the people who created it aren't
probably completely sure how it works (of course, nobody will ever admit
that).

What I can advise is, first follow Google's sender guidelines:
https://support.google.com/mail/answer/81126?hl=en . They require you to
have SPF, DKIM and DMARC in place - it may be some pain in the ass to do it
if you didn't yet, but I'm afraid you have no other choice. I was also
forced to implement it when I had my issues with Gmail. If it doesn't help
(in my case it didn't), then get the headers of a message that was
mis-classified as spam from one of your recipients (or create a test Gmail
account yourself and send a message to it), and use th Google contact form
to send the headers to them:
https://support.google.com/mail/contact/bulk_send_new . There is no
guarantee that this will help and they even say in this form that there
won't be any reply(!), but that's all you can do.

There is also Brandon from Google on this list, you can try to ask him, but
I'm not sure to what extent he can help.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[sivasubramanian muthusamy via mailop]

On Fri, Jul 24, 2020 at 2:35 PM Klaus Ethgen via mailop 
wrote:

> Hi folks,
>
> Recently, I heard often that my mails to friends on gmail ended up in
> spam.
>
> As my mails are always plain text, signed by PGP and coming from a mail
> server that I can assure is never sending spam or even high amount of
> mails, that is not in any blacklist, I wonder, what makes it google to
> believe that my mails should be in spam? (On the other side, the left
> clear spams sent by amavis, mailchimp or others in the inbox.)
>
> Is there any I can do to prevent google to hide the mails from my
> friends?
>
> Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
> encryption (with a cacert certificate) but I didn't implement DKIM as I
> see no use for it.
>
> I do mails for long time now but it is a mystery for me what google is
> doing wrong here. As a private person with low traffic mail server I
> also have not the power to negotiate this with google.
>

I don't use PGP, I have no idea what an SPF record is, but I have the same
problem.  Some recipients find some of my gmail messages are marked spam,
does any one here have an email address of gmail to write to ?


>
> Regards
>Klaus
> --
> Klaus Ethgen   http://www.ethgen.ch/
> pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
> Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Andrew C Aitchison via mailop]

On Fri, 24 Jul 2020, Klaus Ethgen via mailop wrote:


Hi folks,

Recently, I heard often that my mails to friends on gmail ended up in
spam.

As my mails are always plain text, signed by PGP and coming from a mail
server that I can assure is never sending spam or even high amount of
mails, that is not in any blacklist, I wonder, what makes it google to
believe that my mails should be in spam? (On the other side, the left
clear spams sent by amavis, mailchimp or others in the inbox.)


Plain text and low volumes of mail may count *against* you.


Is there any I can do to prevent google to hide the mails from my
friends?

Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
encryption (with a cacert certificate) but I didn't implement DKIM as I
see no use for it.


I suggest you add an appropriate DMARC record(s) to declare your
SPF and DKIM policies.


I do mails for long time now but it is a mystery for me what google is
doing wrong here. As a private person with low traffic mail server I
also have not the power to negotiate this with google.

Regards
  Klaus
--
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C



--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Google and Spam detection

[Klaus Ethgen via mailop]

Hi folks,

Recently, I heard often that my mails to friends on gmail ended up in
spam.

As my mails are always plain text, signed by PGP and coming from a mail
server that I can assure is never sending spam or even high amount of
mails, that is not in any blacklist, I wonder, what makes it google to
believe that my mails should be in spam? (On the other side, the left
clear spams sent by amavis, mailchimp or others in the inbox.)

Is there any I can do to prevent google to hide the mails from my
friends?

Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
encryption (with a cacert certificate) but I didn't implement DKIM as I
see no use for it.

I do mails for long time now but it is a mystery for me what google is
doing wrong here. As a private person with low traffic mail server I
also have not the power to negotiate this with google.

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop