Re: [mailop] is warming IPs still necessary?
On Wed, Mar 27, 2024 at 11:19 PM Gerald Oskoboiny via mailop wrote: > > * Gerald Oskoboiny via mailop [2024-03-25 15:58-0700] > >We are planning to move the system that hosts our email > >discussion lists from its old home where it has been for > >decades to an EC2 instance on AWS. It does about 15k deliveries > >per day, most of which go to gmail or google-hosted email > >systems. > > > >Is it still necessary to warm up new IP addresses gradually > >instead of going directly to this volume of deliveries? > > We did this migration last night and it generally went much > better than I expected. A tiny bit of greylisting from some hosts > but no serious issues. Good deal. In this case, I am happy to be proven wrong and I'm glad that you didn't run into any serious issues. Cheers, Al Iverson -- Al Iverson // 312-725-0130 // Chicago http://www.spamresource.com // Deliverability http://www.aliverson.com // All about me https://xnnd.com/calendar // Book my calendar ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] is warming IPs still necessary?
* Gerald Oskoboiny via mailop [2024-03-25 15:58-0700] >We are planning to move the system that hosts our email >discussion lists from its old home where it has been for >decades to an EC2 instance on AWS. It does about 15k deliveries >per day, most of which go to gmail or google-hosted email >systems. > >Is it still necessary to warm up new IP addresses gradually >instead of going directly to this volume of deliveries? We did this migration last night and it generally went much better than I expected. A tiny bit of greylisting from some hosts but no serious issues. eximstats -tnl says: Exim statistics from 2024-03-27 02:32:56 to 2024-03-28 03:26:17 Grand total summary --- At least one address TOTALVolume Messages Addresses Hosts Delayed Failed Received 209MB 3218 5 147 4.6%219 6.8% Delivered948MB 42595 425952025 Rejects 344 112 Temp Rejects5 1 Time spent on the queue: messages with at least one remote delivery --- Under 1m 1379 92.2% 92.2% 5m 22 1.5% 93.7% 15m 12 0.8% 94.5% 30m 31 2.1% 96.6% 1h 25 1.7% 98.3% 3h 18 1.2% 99.5% 6h8 0.5% 100.0% Top 50 host destinations by message count - Messages Addresses Bytes Average Host destination 11164 11164212MB19KB gmail-smtp-in.l.google.com 6481 6481101MB16KB aspmx.l.google.com 1601 1601121MB77KB local 1471 1471 51MB36KB puck.w3.org 1372 1372 62MB46KB pan.w3.org 1193 1193 13MB11KB smtp.google.com 555555 13MB24KB in1-smtp.messagingengine.com 515515 6083KB12KB mx-in.g.apple.com 445445 3975KB9146 microsoft-com.mail.protection.outlook.com 394394 7864KB20KB ASPMX.L.GOOGLE.COM 358358 5274KB15KB mail.protonmail.ch 341341 4763KB14KB ASPMX.L.GOOGLE.com 332332 5387KB16KB hotmail-com.olc.protection.outlook.com 217217 1379KB6507 entersekt-com.mail.protection.outlook.com 171171 7326KB43KB mgamail.eglb.intel.com 160160 6204KB39KB mailin.samsung.com 146146735KB5155 alln-mx-01.cisco.com 141141 2040KB14KB outlook-com.olc.protection.outlook.com 137137 2160KB16KB mx.zoho.com 129129 1736KB13KB mattr-global.mail.protection.outlook.com 128128 2988KB23KB spool.mail.gandi.net 125125 1341KB11KB amazon-smtp.amazon.com 113113 1548KB14KB mx02.mail.icloud.com 108108 1809KB17KB mx01.mail.icloud.com 108108 1791KB17KB adobe-com.mail.protection.outlook.com [...] -- Gerald Oskoboiny http://www.w3.org/People/Gerald/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] is warming IPs still necessary?
While I agree with your points Laura (and generally anything you have to say), I felt this right here warranted a secondary point worth making public to the mailing list: It’s more necessary - you need to warm up both your IP and your domain AND the combination of IP and domain addresses. It's very difficult for people to know what warming up really looks like. If it were a numbered list of absolute and universal rules, they would have to change a week later. This makes "email warmup" services extremely attractive to people. But please, DO NOT fall for this trap. This is purely my opinion, but email warmup services are about to reach crisis levels. Legitimate domains sharing subject/content trends with spammers to a degree typically only reached when a sender on the legitimate domain is compromised, combined with the systematic/automated effort to manipulate spam filters at email providers, will very likely have fallout for the people using these services. They're becoming so trendy that the mere use of the word "warmup" is starting to sound like an endorsement of these services. On 2024-03-26 04:21, Laura Atkins via mailop wrote: On 25 Mar 2024, at 22:58, Gerald Oskoboiny via mailop wrote: We are planning to move the system that hosts our email discussion lists from its old home where it has been for decades to an EC2 instance on AWS. It does about 15k deliveries per day, most of which go to gmail or google-hosted email systems. Don’t use EC2 for mail. Use SES. Is it still necessary to warm up new IP addresses gradually instead of going directly to this volume of deliveries? My impression is that it's less and less necessary in the age of DMARC, SPF and DKIM. It’s more necessary - you need to warm up both your IP and your domain AND the combination of IP and domain addresses. Nothing else would be changing from the recipient's point of view aside from the IP address (and network): the domain, return-paths, dkim keys and selectors involved would all be the same as they have been. The new IP address doesn't seem to be on many public RBLs, and I have contacted Microsoft to have it removed from their block list. Doesn’t matter. It’s a new IP - therefore it starts with a mildly negative reputation. Do many current sites require an IP's reputation to be established gradually? (particularly Google) Would it just greylist deliveries for a few hours, or fail worse than that? The new host will be doing deliveries directly, not using SES. That is, IMO, a very poor choice. laura -- The Delivery Expert Laura Atkins Word to the Wise la...@wordtothewise.com Delivery hints and commentary: http://wordtothewise.com/blog ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] is warming IPs still necessary?
On Tue, Mar 26, 2024 at 12:40 PM Gerald Oskoboiny via mailop wrote: > > * Laura Atkins via mailop [2024-03-26 09:21+] > >> On 25 Mar 2024, at 22:58, Gerald Oskoboiny via mailop > >> wrote: > >> > >> We are planning to move the system that hosts our email > >> discussion lists from its old home where it has been for > >> decades to an EC2 instance on AWS. It does about 15k > >> deliveries per day, most of which go to gmail or google-hosted > >> email systems. > > > >Don’t use EC2 for mail. Use SES. > > Even for something like email discussion lists? 0.00% of this > email is marketing/transactional. It's just a bunch of nerds > talking about web standards. If it's just low/medium volume W3 nerd stuff and you have trouble, feel free to reach out and I'll be happy to let you smart host relay through my MTA, like I'm doing with my own EC2 (and GC) hosts. Cheers, Al -- Al Iverson // 312-725-0130 // Chicago http://www.spamresource.com // Deliverability http://www.aliverson.com // All about me https://xnnd.com/calendar // Book my calendar ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] is warming IPs still necessary?
* Mark Fletcher [2024-03-25 20:38-0700] On Mon, Mar 25, 2024 at 4:30 PM Gerald Oskoboiny via mailop < mailop@mailop.org> wrote: We are planning to move the system that hosts our email discussion lists from its old home where it has been for decades to an EC2 instance on AWS. It does about 15k deliveries per day, most of which go to gmail or google-hosted email systems. Is it still necessary to warm up new IP addresses gradually instead of going directly to this volume of deliveries? Yes, it's still necessary to warm up IP addresses, at least in my current experience. Our biggest problem has been with Microsoft, and their rate limiting of new IP addresses. There are others that also rate limit new IP addresses, but at least with them, you can generally find someone here on mailop that can help. When we first obtained the IP addresses for our email-sending hosts on AWS we had an issue with deliveries to outlook.com and hotmail.com getting refused, but I contacted the Outlook deliverability support team who added mitigation for our IPs and we have had no issues since. We've never had a problem with Gmail/Google. Thanks, that's very good to know. -- Gerald Oskoboiny http://www.w3.org/People/Gerald/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] is warming IPs still necessary?
* Laura Atkins via mailop [2024-03-26 09:21+] On 25 Mar 2024, at 22:58, Gerald Oskoboiny via mailop wrote: We are planning to move the system that hosts our email discussion lists from its old home where it has been for decades to an EC2 instance on AWS. It does about 15k deliveries per day, most of which go to gmail or google-hosted email systems. Don’t use EC2 for mail. Use SES. Even for something like email discussion lists? 0.00% of this email is marketing/transactional. It's just a bunch of nerds talking about web standards. Is it still necessary to warm up new IP addresses gradually instead of going directly to this volume of deliveries? My impression is that it's less and less necessary in the age of DMARC, SPF and DKIM. It’s more necessary - you need to warm up both your IP and your domain AND the combination of IP and domain addresses. The domain has been around for 30 years so hopefully it's pretty warm by now. But I'm indeed leery about the new IP. We recently moved some other email-sending hosts to EC2 instances and haven't had any real problems with deliverability, but they have an order of magnitude less volume. My tentative backup plan if there are issues with the mailing list host is to reroute its deliveries through one of our other hosts that have established a bit of a reputation after a few weeks of deliveries at lower volume. -- Gerald Oskoboiny http://www.w3.org/People/Gerald/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] is warming IPs still necessary?
+1 to what Laura says. I run a couple of EC2-hosted mail servers but I smarthost their mail out through another server, because, if you can get Amazon to unblock port 25 for you, people are still probably going to reject your mail far and wide. The EC2 IP ranges are likely to be treated unkindly both based on the presumption that it's not really a mail hosting neighborhood PLUS anybody who has run a spamtrap network and watched for connections coming from there tends to figure out quick that it's mostly weird stuff like random SMTP tickling for unclear reasons and security testing/threat research. I would not and do not want my legit mail to be part of that neighborhood. Either don't run this in EC2, use SES to handle outbound, or do it my convoluted way and smarthost the mail out through a whole other dedicated server at a completely unrelated ISP that has a good reputation. I'm not even sure I'd recommend it, but I've been doing it for years and years, so it's really more a question of inertia at this point. I might have had this server as a mail server going back to before Amazon SES launched. Cheers, Al Iverson On Tue, Mar 26, 2024 at 5:09 AM Niels Dettenbach via mailop wrote: > > Am Dienstag, 26. März 2024, 10:21:23 CET schrieb Laura Atkins via mailop: > > Don’t use EC2 for mail. Use SES. > yes, > but by my experience, AWS today has a overall poor reputation within the > internet email sphere. > > just my .02$ > > > niels. > > -- > --- > Niels Dettenbach > Syndicat IT & Internet > https://www.syndicat.com > PGP: https://syndicat.com/pub_key.asc > --- > > > > > > > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Al Iverson // 312-725-0130 // Chicago http://www.spamresource.com // Deliverability http://www.aliverson.com // All about me https://xnnd.com/calendar // Book my calendar ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] is warming IPs still necessary?
Am Dienstag, 26. März 2024, 10:21:23 CET schrieb Laura Atkins via mailop: > Don’t use EC2 for mail. Use SES. yes, but by my experience, AWS today has a overall poor reputation within the internet email sphere. just my .02$ niels. -- --- Niels Dettenbach Syndicat IT & Internet https://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] is warming IPs still necessary?
> On 25 Mar 2024, at 22:58, Gerald Oskoboiny via mailop > wrote: > > We are planning to move the system that hosts our email discussion lists from > its old home where it has been for decades to an EC2 instance on AWS. It does > about 15k deliveries per day, most of which go to gmail or google-hosted > email systems. Don’t use EC2 for mail. Use SES. > Is it still necessary to warm up new IP addresses gradually instead of going > directly to this volume of deliveries? My impression is that it's less and > less necessary in the age of DMARC, SPF and DKIM. It’s more necessary - you need to warm up both your IP and your domain AND the combination of IP and domain addresses. > Nothing else would be changing from the recipient's point of view aside from > the IP address (and network): the domain, return-paths, dkim keys and > selectors involved would all be the same as they have been. > > The new IP address doesn't seem to be on many public RBLs, and I have > contacted Microsoft to have it removed from their block list. Doesn’t matter. It’s a new IP - therefore it starts with a mildly negative reputation. > Do many current sites require an IP's reputation to be established gradually? > (particularly Google) Would it just greylist deliveries for a few hours, or > fail worse than that? > > The new host will be doing deliveries directly, not using SES. That is, IMO, a very poor choice. laura -- The Delivery Expert Laura Atkins Word to the Wise la...@wordtothewise.com Delivery hints and commentary: http://wordtothewise.com/blog ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] is warming IPs still necessary?
On Mon, 25 Mar 2024 15:58:33 -0700, Gerald Oskoboiny via mailop wrote: >Is it still necessary to warm up new IP addresses gradually >instead of going directly to this volume of deliveries? My >impression is that it's less and less necessary in the age of >DMARC, SPF and DKIM. The rule that governs many of the dynamic IP reputation systems that I am familiar with is: "Don't give us any surprises." When I was a spam analyst at MSFT in a previous geologic era, we had a guy who would build out a new Eonix /24, send test messages to seed accounts until he decided that he had found ways around the rules that killed the tail end of yesterday's blast, made his changes, backed his truck up to our network and dumped between five and fifteen million messages over a period of about half to three quarters of an hour. At that time, we had nothing technical implemented that would handle this, so it worked quite well. Eventually, we were able to convince people who did the engineering at the border to consider the "No Surprises" rule. One of my clients, without consulting aforehand, apparently decided that he really needed to do a 10X augmentation to his daily volume. Before the inevitable algorithmic corrections based on the ghastly volume of spam notifications, the border logic at several major providers moved his IP reputations from Good or OK to reject, with sampling. Overall, his border rejection rate went from 1.45% (not great, but not yet a policy enforcement matter) to 55.6% (yes, this is a policy enforcement matter). The sudden onslaught you propose may actually succeed in the main, and after a couple weeks of zero-complaint/excellent-open stats you will be back in good graces overall, it might be well to look at a week-long cutover transition, if the technology permits. mdr -- Ad finem pugnabo. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] is warming IPs still necessary?
On Mon, Mar 25, 2024 at 4:30 PM Gerald Oskoboiny via mailop < mailop@mailop.org> wrote: > We are planning to move the system that hosts our email > discussion lists from its old home where it has been for decades > to an EC2 instance on AWS. It does about 15k deliveries per day, > most of which go to gmail or google-hosted email systems. > > Is it still necessary to warm up new IP addresses gradually > instead of going directly to this volume of deliveries? > Yes, it's still necessary to warm up IP addresses, at least in my current experience. Our biggest problem has been with Microsoft, and their rate limiting of new IP addresses. There are others that also rate limit new IP addresses, but at least with them, you can generally find someone here on mailop that can help. We've never had a problem with Gmail/Google. Cheers, Mark ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] is warming IPs still necessary?
Your biggest threat is hosting on AWS.. Given the nature of EC2, you want to ensure that the IPs you are using are not in the midst of some abusive IPs, and AWS is still not providing public 'rwhois' delegation to our knowledge. Make sure that you have a correct PTR record of course, the generic EC2 PTR naming convention will not get you far.. And 'warming' up.. well, if it is normal email you shouldn't need to, but if it is 'bulk' eg, similar content.. you do need to develop 'trust', and that isn't always about simply 'warming' up the IP. IMHO.. Which brings me to another perfect example.. various VPN providers who try to use EC2 IPs.. but yet don't publicize/identify explicitly their IPs, and generate traffic that may look suspicious.. Just ran into a person who asked.. what IPs are used for Norton's VPN service.. I could not answer them.. trolling Google and Norton's site and forums for a bit, showed it wasn't easy to get that answer. And doing a DNS walk on the 'supposed' ranges didn't show any results.. So, think very carefully on your choices, and what information you should advertise to develop 'trust' for your IPs I can't talk to convenience, security or costs.. but there might be other hosting solutions that allow for more transparency, that might be better for your use case.. That IS if you have a desire for transparency.. On 2024-03-25 15:58, Gerald Oskoboiny via mailop wrote: We are planning to move the system that hosts our email discussion lists from its old home where it has been for decades to an EC2 instance on AWS. It does about 15k deliveries per day, most of which go to gmail or google-hosted email systems. Is it still necessary to warm up new IP addresses gradually instead of going directly to this volume of deliveries? My impression is that it's less and less necessary in the age of DMARC, SPF and DKIM. Nothing else would be changing from the recipient's point of view aside from the IP address (and network): the domain, return-paths, dkim keys and selectors involved would all be the same as they have been. The new IP address doesn't seem to be on many public RBLs, and I have contacted Microsoft to have it removed from their block list. Do many current sites require an IP's reputation to be established gradually? (particularly Google) Would it just greylist deliveries for a few hours, or fail worse than that? The new host will be doing deliveries directly, not using SES. Thanks, -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] is warming IPs still necessary?
We are planning to move the system that hosts our email discussion lists from its old home where it has been for decades to an EC2 instance on AWS. It does about 15k deliveries per day, most of which go to gmail or google-hosted email systems. Is it still necessary to warm up new IP addresses gradually instead of going directly to this volume of deliveries? My impression is that it's less and less necessary in the age of DMARC, SPF and DKIM. Nothing else would be changing from the recipient's point of view aside from the IP address (and network): the domain, return-paths, dkim keys and selectors involved would all be the same as they have been. The new IP address doesn't seem to be on many public RBLs, and I have contacted Microsoft to have it removed from their block list. Do many current sites require an IP's reputation to be established gradually? (particularly Google) Would it just greylist deliveries for a few hours, or fail worse than that? The new host will be doing deliveries directly, not using SES. Thanks, -- Gerald Oskoboiny http://www.w3.org/People/Gerald/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop