Re: [mailop] Google and Spam detection

[Michael Rathbun via mailop]

On Fri, 24 Jul 2020 18:45:19 +0200, Ralph Seichter via mailop
 wrote:

>So please, give us Hetzner customers a break if we're doing things The
>Right Way(TM).

I don't block the list of Hetzner prefixes I have amassed, because the
individual senders do it for me.  100% of all Hetzner IP traffic logged since
1-Jan-'20 has eventuated in delivery to a "sudden death" spamtrap, which
causes a 24-hour refusal (to begin with -- it doubles every time a hit
occurs).  A couple of them got up to 16 days before they eventually gave up.

mdr
-- 
  No one ever blew up a mosque, church, or abortion clinic 
  after yelling, "I could be wrong!"
  Frank Schaeffer


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Carl Byington via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Fri, 2020-07-24 at 22:08 -0400, John Levine via mailop wrote:
> Depends whether you consider Comcast to be big. They sure have a lot
> of customers.

If five-ten-sg.com wants to deliver to comcast.net, my publishing tlsa
records for _25._tcp.mail3.five-ten-sg.com probably won't affect whether
comcast accepts my mail.

I can look at their _25._tcp.mx1.comcast.net tlsa record when deciding
whether the TLS connection to their mail server meets my outgoing
standards.

They can look at my _25._tcp.mail3.five-ten-sg.com tlsa record when
sending mail to me, but again, that won't affect my deliverability to
them.


-BEGIN PGP SIGNATURE-

iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXxuhlhUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsFmAACbBc2KnHl/hl4usFRhJ5HvaE8+fBQA
ni76KWPMAI+7OVLa1ajyw8d1KWQo
=lvON
-END PGP SIGNATURE-



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[John Levine via mailop]

In article <20200724230322.ga531...@fullerene.field.pennock-tech.net> you write:
>On 2020-07-24 at 15:29 -0700, Luis E. Muñoz wrote:
>> I would push DANE a bit up in the list. DNSSEC can be a drag to some, but it
>> is really the way to go in terms of decentralization of encryption. It is
>> also a good practice.
>
>Absolutely, but the context here was sending to Gmail, who don't (as far
>as we on the outside know) implement DNSSEC verification or DANE.  So I
>moved it down the list.
>
>The big webmail providers don't do DANE, so for "how to deliver to
>them", DANE stays lower on the list. 

Depends whether you consider Comcast to be big. They sure have a lot
of customers.

-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[John Levine via mailop]

In article <83ee71f6-7b9c-4efb-e101-f28705a6c...@elementality.org>,
G. Miliotis via mailop  wrote:
>> I see no difference in IPv4 vs IPv6. You do need to have rDNS properly 
>> setup and we use SPF and DKIM, no DMARC. IPs from a cloud provider to 
>> boot. Good deliverability.
>>
>When I tried IPV6 from Hetzner some time ago, gmail dropped everything 
>outright until I set up DKIM.

Gmail has repeatedly said that they do not accept unauthenticated mail
on IPv6.

-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[John Levine via mailop]

In article <0316fd32-617a-e4a2-9a70-72571dd37...@elementality.org> you write:
>
>On 24/7/2020 7:13 μ.μ., John Levine via mailop wrote:
>> In article <20200724160354.gg9...@ikki.ethgen.ch> you write:
>>> I think it might happen that in past hetzner (my hosting provider) ...
>> Oh, there's your problem. Hetzner's network spews garbage. I don't
>> accept any mail from it at all.
>
>That's up to you. I guess this email would never reach any of your 
>users, then.

Probably not. I log all the mail I decline, and for your network block
136.243/16, everything it's sent to my network in the past year has
been spam, mostly sent to addresses on ancient spam lists. With those
odds, I'm not too worried about it.

There are other VPS providers that do a lot better job, but first
they have to care.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Al Iverson via mailop]

Thanks for this. I'm going to link to it from Spam Resource.

Cheers,
Al Iverson

On Fri, Jul 24, 2020 at 4:40 PM Phil Pennock via mailop
 wrote:
>
> On 2020-07-24 at 15:40 -0400, Phil Pennock via mailop wrote:
> [ snip lots ]
>
> I was asked by someone with a link to a mailing-list archive entry to
> turn this into a blog-post which could be cited, so I've done so; there
> are some additions of RFC and website cross-references which might make
> it easier to act upon.
>
> 
>
> -Phil
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



-- 
Al Iverson // Wombatmail // Chicago
Song a day! https://www.wombatmail.com
Deliverability! https://spamresource.com
And DNS Tools too! https://xnnd.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Bjoern Franke via mailop]

Hi,



Recently, I heard often that my mails to friends on gmail ended up in
spam.




Recently I moved my domain to a VPS at Netcup and all reputation at 
Google seem to be broken.
Last week I sent a G-Suite user a cancellation of an appointment - which 
was discussed before via mail - and the person missed the cancellation 
because it had "similarities with former spam mails".
I've sent a testmail now to my own gmail account, it ended up in spam 
due to "similarities with former spam mails" - with SPF, DKIM and DMARC 
passed.


I'm getting the impression as a "self hosting"-user you have to check 
the MX of every user you are mailing to - just in case he/she uses 
Google you have to tell him/her on other channels to check the spam 
folder or a self fullfilling "similarities with former spam mails" 
prophecy is created.


Regards
Bjoern

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Phil Pennock via mailop]

On 2020-07-24 at 15:29 -0700, Luis E. Muñoz wrote:
> I would push DANE a bit up in the list. DNSSEC can be a drag to some, but it
> is really the way to go in terms of decentralization of encryption. It is
> also a good practice.

Absolutely, but the context here was sending to Gmail, who don't (as far
as we on the outside know) implement DNSSEC verification or DANE.  So I
moved it down the list.

The big webmail providers don't do DANE, so for "how to deliver to
them", DANE stays lower on the list.  For Best Current Practices which
focus more on "how to be compliant with current changes in privacy
legislation in the EU", then yes DANE moves up the list.  Folks really
should do that.

For clarity: none of the 14 (!!!) points in the main deliverability list
are optional, if you care about your outbound mail being delivered.

> You may find this helpful
> 
> https://esmtp.email/tools/mta-sts/

Ooh, thanks.  I'll update the blog-post with a link.

-Phil

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Luis E. Muñoz via mailop]

I would push DANE a bit up in the list. DNSSEC can be a drag to some, 
but it is really the way to go in terms of decentralization of 
encryption. It is also a good practice.


On 24 Jul 2020, at 12:40, Phil Pennock via mailop wrote:


 * MTA-STS webserver with HTTPS from the same CA, and the relevant
   MTA-STS txt file in place; add the DNS record when it's up and 
happy.


You may find this helpful

https://esmtp.email/tools/mta-sts/

Best regards

-lem

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Phil Pennock via mailop]

On 2020-07-24 at 15:40 -0400, Phil Pennock via mailop wrote:
[ snip lots ]

I was asked by someone with a link to a mailing-list archive entry to
turn this into a blog-post which could be cited, so I've done so; there
are some additions of RFC and website cross-references which might make
it easier to act upon.



-Phil

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Microsoft giving Server Busy errors for M365

[Michael Wise via mailop]

The IP is being throttled… for what exactly, I can’t say.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Faisal Misle via mailop
Sent: Friday, July 24, 2020 1:51 PM
To: Kevin A. McGrail ; mailop 
Subject: [EXTERNAL] Re: [mailop] Microsoft giving Server Busy errors for M365

We usually route them through our TAM and our Premier team when I worked at 
Rackspace.

Don’t think there’s a place for ISPs

Best,
Faisal

PGP Key: 
C8FD029B


On Fri, Jul 24, 2020 at 3:37 PM, Kevin A. McGrail via mailop 
mailto:mailop@mailop.org>> wrote:
Microsoft's anti-spam seems to be misfiring again but for once it is on
the m365 paid customer.  Seeing deferred messages like dsn=4.0.0,
stat=Deferred: 451 4.7.500 Server busy. Please try again later from
[38.124.232.13]. (S77714)
[CO1NAM04FT003.eop-NAM04.prod.protection.outlook.com]

Anyone know how to open a ticket about this?  Working for m365
customer(s) to open support tickets but is there a place for ISPs to let
Microsoft know they have an issue?

Regards,

KAM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] [INFORMATION] Snapshot of Spamauditor's reports this week

[Michael Peddemors via mailop]

Hi All,

Going into another weekend, and there is a lot of activity out there.

* Amazon EC2 spam on the increase again
* SendGrid Abuse still ongoing
* Similar patterns emerging in other ESP's
* Increase in VPS activation for malware Spam
* Cutwail increases on Chinese IP Space
* Emotet activates again
* Compromised Router Botnet spamming activity dying down

Interesting our spam auditors are not actually seeing much Emotet spam 
actually reaching the filters or traps, and it could be simply because 
the sources are already on common RBL's, or obvious non-email server 
traffic, or virus checkers catching them already.


Fake "Mailbox is full" traffic increasing,  from everywhere.. ESP's, 
compromised accounts, bad VPS providers...


And of course, fake invoice attachments with Malware.

Gmail spammers on the increase again, (of course they are offering to 
get your Google listings higher ;)


Got to love the 'Dynamic Rule Engine', makes it easy to throw out new 
detection numbers..


X-DRE: shanghai_ucloud_spammer, another 'liberal' hosting provider.. obviously 
used for Malware spamming..

Hotmail/Yahoo seeing an increase as well this week, but more of the Nigerian 
Prince and Inheritance scams..

FiveLetterRussian domain has resurfaced, but now more widespread across many 
VPS providers.
Received: from mail.gerul.ru (HELO mail.gerul.ru) (45.138.74.111)
An in general another increase in spam from 'bullet proof' hosting providers in 
Russia

OVH Spammers are at it again, but they seem to be getting smaller blocks, eg 
/29's.

Brazilian Spam and Spammers seems to  have slowed down..

Also, this weeks callout to a hoster that is heavily abused:

inetnum:212.83.160.0 - 212.83.191.255
netname:FRWOL
descr:  Iliad
country:FR
admin-c:ACP23-RIPE
tech-c: TCP8-RIPE
status: ASSIGNED PA
mnt-by: MNT-TISCALIFR
mnt-by: MNT-TISCALIFR-B2B
remarks:Tag: Int
created:2002-09-24T15:24:29Z
last-modified:  2017-05-03T15:23:26Z
source: RIPE

role:   Administrative Contact for ProXad
address:Free SAS / ProXad

Time to either start using 'rwhois' on your networks, or expect the whole 
network reputation to suffer...

Often it's the same faces when it comes to hosters.. (EONIX) and Powered by 
Vesta ;)

50.2.251.153x1  lotbons.shivjain.com
50.2.251.154x1  deisoms.shivjain.com
50.2.251.161x1  crineuthke.shivjain.com
51.141.86.194   x2  mcdo.store
51.143.165.120  x6  sheep.pink
51.195.137.160  x2  ns1.cdbcf.com
51.195.26.126   x4  fun88sports.com
51.195.26.129   x2  suppliesforless.com
51.222.26.17x6  guesser2.salescrawler.com
51.222.50.250   x1  dlv4.srv3-orbis.net
51.222.50.253   x1  dlv6.srv3-orbis.biz
51.222.53.0 x2  dlv1.srv3-orbis.com
51.222.53.1 x2  dlv2.srv3-orbis.com
51.254.72.141   x1  vlado.elmbape.com
51.81.35.34 x2  guesser5.wdemg.com
51.83.204.166   x2  robertnews.info
51.89.16.182x2  jazzlivewagering.com
51.89.19.140x4  idatwork.net
51.89.19.141x4  pricelessbostonsweeps.com
51.89.19.142x3  salveonetworks.com
51.89.19.143x2  philodendron.de
51.89.27.246x4  studymath.org
51.89.28.185x3  prettyvase.com

Verizon? I thought you were blocking port 25 on egress, guess not? SpamBot 
activity..
Might suggest that you clearly indicate whether they are dynamic or static?

97.35.4.39  x14 39.sub-97-35-4.myvzw.com
97.42.192.231   x15 231.sub-97-42-192.myvzw.com
97.46.64.44 x14 44.sub-97-46-64.myvzw.com
97.46.68.112x7  112.sub-97-46-68.myvzw.com
174.194.142.227 x19 227.sub-174-194-142.myvzw.com
174.195.4.83x2  83.sub-174-195-4.myvzw.com
174.196.6.97x11 97.sub-174-196-6.myvzw.com
174.204.70.147  x12 147.sub-174-204-70.myvzw.com


I think all ISP's would do better on standardizing on a naming convention..
Consider a naming convention that more clearly describes the purpose of your 
IPs and Networks, eg..

154-70-130-3.static.
154-70-130-3.dynamic
154-70-130-3.colocation
154-70-130-3.corporate

Which ever of course best describes the usage.  This will enable others to 
better understand the purpose when examining abuse patterns.
Of course, email servers would have 'custom' PTR records.

SpamAuditors are busy.. so you don't have to be ;)
Stay safe this weekend..

Remember, spam is not JUST an annoyance, it can lead to much more serious 
consequences..
Let's do more to watch what is leaving our networks, think of it as a COVID 
mask, I wear one to protect you, you wear one to protect me..



 
--

"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices 

Re: [mailop] Microsoft giving Server Busy errors for M365

[Faisal Misle via mailop]

We usually route them through our TAM and our Premier team when I worked at 
Rackspace.

Don’t think there’s a place for ISPs

Best,
Faisal

PGP Key: [C8FD029B](https://pgp.faisal.ec/)

On Fri, Jul 24, 2020 at 3:37 PM, Kevin A. McGrail via mailop 
 wrote:

> Microsoft's anti-spam seems to be misfiring again but for once it is on
> the m365 paid customer. Seeing deferred messages like dsn=4.0.0,
> stat=Deferred: 451 4.7.500 Server busy. Please try again later from
> [38.124.232.13]. (S77714)
> [CO1NAM04FT003.eop-NAM04.prod.protection.outlook.com]
>
> Anyone know how to open a ticket about this? Working for m365
> customer(s) to open support tickets but is there a place for ISPs to let
> Microsoft know they have an issue?
>
> Regards,
>
> KAM
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Microsoft giving Server Busy errors for M365

[Kevin A. McGrail via mailop]

Microsoft's anti-spam seems to be misfiring again but for once it is on
the m365 paid customer.  Seeing deferred messages like dsn=4.0.0,
stat=Deferred: 451 4.7.500 Server busy. Please try again later from
[38.124.232.13]. (S77714)
[CO1NAM04FT003.eop-NAM04.prod.protection.outlook.com]

Anyone know how to open a ticket about this?  Working for m365
customer(s) to open support tickets but is there a place for ISPs to let
Microsoft know they have an issue?

Regards,

KAM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Google G.Suite Mail admin

[Curtis Maurand via mailop]

Would you please contact me off list.  I'm having a strange 
deliverability problem to a specific user from a specific host and 
having a weird problem. I have admin access to both ends of the 
conversation.  Something is wrong in the middle and I think it's on your 
side of the middle.  It's very odd.



--
Best Regards Curtis Maurand mailto:cmaur...@xyonet.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Phil Pennock via mailop]

On 2020-07-24 at 09:54 +0100, Klaus Ethgen via mailop wrote:
> As my mails are always plain text, signed by PGP and coming from a mail
> server that I can assure is never sending spam or even high amount of
> mails, that is not in any blacklist, I wonder, what makes it google to
> believe that my mails should be in spam? (On the other side, the left
> clear spams sent by amavis, mailchimp or others in the inbox.)
> 
> Is there any I can do to prevent google to hide the mails from my
> friends?
> 
> Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
> encryption (with a cacert certificate) but I didn't implement DKIM as I
> see no use for it.

There's a PDF from Google from 2006 which is still worth reading:
  https://research.google.com/pubs/archive/45.pdf

If you don't send much email, then the only IP-based reputation which
Google can assess you on is the reputation of your address-block, so
being in a "troublesome" hosting provider will score heavily against
you.  At that point, if not moving away, you need to try to balance out
that negative score with enough positives that any of the large
providers using reputation scoring will accept the mail.

Working forward-and-reverse paired DNS is even more important for IPv6
than for IPv4; for better or worse, some of the large providers have
decided that exemptions in old standards for old behavior should not
apply when folks deploy standards which are far newer.  So you
absolutely need an MX, not just relying upon address-records.

With a poor IP-based reputation, you need to see if you can score a
better domain-based reputation.  This is where DKIM comes into play:
once you can provably link a message to really be from a given domain,
then even if you don't send much mail you can benefit from stuff like
"not on day-old-bread domain-lists".  But having DKIM and then a DMARC
record does help (and I'm no fan of DMARC).

For the mail-server's TLS: for that to count in your favor instead of
being a wash, I strongly suspect that it needs to be a certificate which
senders can verify.  For those people scoring up for "better TLS", those
senders using DANE will be happy with a TLSA record in DNSSEC for your
CACert anchor.  But the large webmail providers are Resistant to having
to deploy DNSSEC verification, so instead have pushed out an alternative
called MTA-STS.  With MTA-STS, you're tied into "whichever subset of CAs
all the large senders you care about will trust", and then using that CA
for the certificates both for the mta-sts webserver and for your
mail-server.  Note that you don't need to implement the client logic for
MTA-STS (and I think it's antithetical to an open federated platform)
but do need to just publish the static information for those senders who
do use it. At that point, CACert is not going to cut it.  You'd need to
try Let's Encrypt instead.

The ongoing natural tendency from larger providers is to favor
supporting what the majority of their users want the majority of the
time.  With so many people using larger providers, they naturally tilt
towards stuff which works with the larger senders, and requiring more
hoops.  Those additional hoops create more work for smaller providers
and self-hosters doing thing manually.

We need better automation tools around all of this.  The below will make
it clearer why.

So, here is my current understanding of the best current practices here,
in reality not IETF idealism.  This includes making mandatory stuff
which some folks insist must be optional, because realistically to send
to some large providers it's not optional.  This list includes features
to make you compatible with ongoing trends in the EU (particularly
Germany) to strongly disfavor allowing cleartext SMTP.

This assumes that you are _not_ a large sender who should also be
setting up feedback loops, learning how to "warm" IPs, considering BIMI,
postmaster tooling domain verification, etc.

 * reverse DNS with matching forward DNS; the name used should not
   pattern-match anything generic and ideally would include a DNS label
   of `mail` or `mx` or the like in it.
 * MX record, always.
 * accurate SPF;
   + ideally not too broad;
   + avoid `-all` at the end because with the sole exception of "this
 domain never sends email" records, it tends to be a sign of
 over-enthusiasm and counts slightly against you;
   + remember to have an SPF record for your HELO hostname, because when
 you send a "bounce" rejection, this is the thing which will be
 looked up (since there's no domain in `<>`).
 * DKIM set up, RSA2048 key, with a selector.  Note that for various
   good reasons you should design this to be something you routinely
   rotate.  Some folks use yearly, some monthly; I rotate every three
   months.
 * DMARC record, but for domains which humans send from _don't_ use
   quarantine or reject; do consider setting up a receiver for reports,
   just so you can see how much of a privacy breach DMARC reporting 

Re: [mailop] Google and Spam detection

[Anne P. Mitchell, Esq. via mailop]

Also, starting in this past week, Google (must have) changed their 
spam-detecting algorithm, as we are seeing that suddenly fully 50% of any day's 
load in the spam folder are false positives (i.e. has actually been legitimate 
email, even email that has a months - or even years - long history of being 
delivered to the inbox previously), and where prior to this week (and again, 
for months and years) there was typically maybe a 3%-5% false positive in the 
spam folder - it jumped to 50% overnight, several days ago.  Maybe not for 
everyone, but we've heard this from several others.

All of this to say that all of the advice in this thread (especially DKIM, SPF, 
and ipv4) is good advice, but you still may see problems until Google does a 
correction (assuming they do).

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Al Iverson via mailop]

You're overthinking it. Create a 2048-bit RSA key pair (support for a
longer key is not clear at this time).

How to fit the public key into DNS when it's longer than 255 chars? Here's how:
https://serverfault.com/questions/255580/how-do-i-enter-a-strong-long-dkim-key-into-dns
Very commonly done. Here's an example:
https://xnnd.com/dns.cgi?s=10dkim1=s10.exacttarget.com=dkim

If you struggle with 2048-bit, you could go down to 1024-bit, which
will fit into 255 bytes. Is probably OK if you rotate the key
regularly.

Regards,
Al Iverson

On Fri, Jul 24, 2020 at 11:03 AM Klaus Ethgen via mailop
 wrote:
>
> Hi,
>
> Am Fr den 24. Jul 2020 um 14:20 schrieb Faisal Misle via mailop:
> > I also strongly recommend you start signing with DKIM. You may not have had 
> > a use for it, but now you do.
>
> I did it now and fallen in all misstakes one could do.
> - First I tried out a ed25519 key. That worked very fast but it seems to
>   be not that wide supported.
> - Well fine, lets create a RSA 4096. But why the hell is my Bind
>   stopping to resolve the zone!? It seems that it is not possible to
>   create lines longer than 255 bytes. You have to concate them with
>   spaces in between. Well, how good that bind does write that good log
>   messages. (NONE!!!)
>
> GRML
>
> Regards
>Klaus
> --
> Klaus Ethgen   http://www.ethgen.ch/
> pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
> Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



-- 
Al Iverson // Wombatmail // Chicago
Song a day! https://www.wombatmail.com
Deliverability! https://spamresource.com
And DNS Tools too! https://xnnd.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[G. Miliotis via mailop]

On 24/7/2020 8:12 μ.μ., Luis E. Muñoz via mailop wrote:



On 24 Jul 2020, at 7:48, Jaroslaw Rafa via mailop wrote:

Not true, I was (and am) always delivering mail via IPv4 and had 
mentioned
problems (and also other people whose complaints I have read don't 
use IPv6

as well).


I see no difference in IPv4 vs IPv6. You do need to have rDNS properly 
setup and we use SPF and DKIM, no DMARC. IPs from a cloud provider to 
boot. Good deliverability.


When I tried IPV6 from Hetzner some time ago, gmail dropped everything 
outright until I set up DKIM.


--GM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Luis E. Muñoz via mailop]

On 24 Jul 2020, at 7:48, Jaroslaw Rafa via mailop wrote:

Not true, I was (and am) always delivering mail via IPv4 and had 
mentioned
problems (and also other people whose complaints I have read don't use 
IPv6

as well).


I see no difference in IPv4 vs IPv6. You do need to have rDNS properly 
setup and we use SPF and DKIM, no DMARC. IPs from a cloud provider to 
boot. Good deliverability.


Best regards

-lem

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[G. Miliotis via mailop]

On 24/7/2020 7:13 μ.μ., John Levine via mailop wrote:

In article <20200724160354.gg9...@ikki.ethgen.ch> you write:

I think it might happen that in past hetzner (my hosting provider) ...

Oh, there's your problem. Hetzner's network spews garbage. I don't
accept any mail from it at all.



That's up to you. I guess this email would never reach any of your 
users, then.


Soon it will become less and less effective to block providers, you see 
the rising spam volumes from all providers, including the big boys. The 
whole argument seems to me to be a Hetzner netblock issue for the OP. I 
faced the same issue, adding dkim/dmarc helped.



--GM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Eric Tykwinski via mailop]

> 
> Oh, there's your problem. Hetzner's network spews garbage. I don't
> accept any mail from it at all.

I'm willing to bet that almost all large cheaper providers have issues, at 
least from what I've seen myself.  This nice tool was just on the FrontPage of 
Hacker News: https://github.com/freeCodeCamp/mail-for-good/tree/heroku/stable, 
so I'm expecting a new wave of spam from AWS probably shortly.
Sadly, when people try to do good, it usually gets followed by bad actors 
sooner than later.

> R's,
> John

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Thomas Walter via mailop]

Hi,

On 24.07.20 18:09, Marcel Becker via mailop wrote:
> Not saying that it's the case here (what do I know about Google's spam
> filters or your friends...) but sometimes the cause for this is on the
> receiving end and quite low tech. Ie: We have quite a few cases where
> users mark mail from uncle Bob as spam and then complain that mail from
> uncle Bob is in the spam folder. 
oh how I loathe the more or less daily abuse messages from Microsoft's
mail services that are perfectly reasonable e-mails from students or staff.

Users either don't understand what it means if they mark an email as
spam or they don't understand the difference between trash and junk -
which can be a language / translation issue...

And they are always really happy when I contact them and tell them
everything about the full mail content that got forwarded to abuse.

If you ask people about Spam, a lot of them will tell you it is
"annoying email they don't want to think about", not bulk unsolicited
messages for the purposes of advertising, phishing, malware, etc.

Regards,
Thomas Walter

-- 
Thomas Walter
Datenverarbeitungszentrale

FH Münster
- University of Applied Sciences -
Corrensstr. 25, Raum B 112
48149 Münster

Tel: +49 251 83 64 908
Fax: +49 251 83 64 910
www.fh-muenster.de/dvz/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Alan Hodgson via mailop]

On Fri, 2020-07-24 at 12:13 -0400, John Levine via mailop wrote:
> In article <20200724160354.gg9...@ikki.ethgen.ch> you write:
> > I think it might happen that in past hetzner (my hosting provider) ...
> 
> Oh, there's your problem. Hetzner's network spews garbage. I don'taccept any
> mail from it at all.

Yeah. And unfortunately it seems every VPS and self-hosting provider is in
pretty much the same boat for mail delivery nowadays. Too much abuse.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[John Levine via mailop]

In article <20200724160354.gg9...@ikki.ethgen.ch> you write:
>I think it might happen that in past hetzner (my hosting provider) ...

Oh, there's your problem. Hetzner's network spews garbage. I don't
accept any mail from it at all.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] BIMI pilot @ Google

[Robert L Mathews via mailop]

On 7/24/20 2:51 AM, Christian de Larrinaga via mailop wrote:

> All emails on this list are showing with red DKIM signed boxes

That's because this list alters the message From header and body without
re-signing it. (If the list re-signed outgoing Mailman messages with a
"mailop.org" DKIM signature, it would work.)


> Is this useful?

Sure: It's saying you got a message claiming to be from
mailop@mailop.org that isn't signed by mailop.org, which is exactly what
it's supposed to do.

Whether one decides to trust something less based on that is a different
matter. For example, I care about the DKIM verifier result for messages
claiming to be from my bank, but I don't worry about it for list messages.

That said, if every MUA showed DKIM results, I suspect there would be a
lot more DKIM signing just based on the naive complaints it would
generate. Few people cared about making sure their non-financial website
used SSL until every browser started claiming it was "not secure".

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] BIMI pilot @ Google

[John Levine via mailop]

In article <7ed4f483-3d83-e6aa-b6f6-07f6f283e...@lightmeter.io> you write:
>This is the concerning part -- it seems that BIMI will disadvantage smaller / 
>independent mail networks by introducing a new barrier to having
>their valid mail treated equally to their large corporate peers.

Having talked at length to people who are working on BIMI, I doubt
it'll be a problem. BIMI is about showing logos, not about getting
into the inbox.

BIMI uses DMARC to decide whether to consider a message for BIMI logo display.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Marcel Becker via mailop]

On Fri, Jul 24, 2020 at 2:02 AM Klaus Ethgen via mailop 
wrote:

> Recently, I heard often that my mails to friends on gmail ended up in
> spam.
>
>
Not saying that it's the case here (what do I know about Google's spam
filters or your friends...) but sometimes the cause for this is on the
receiving end and quite low tech. Ie: We have quite a few cases where users
mark mail from uncle Bob as spam and then complain that mail from uncle Bob
is in the spam folder.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Klaus Ethgen via mailop]

Am Fr den 24. Jul 2020 um 15:51 schrieb Michael Peddemors via mailop:
> We have found that the FIRST thing you need to do is put a sane SPF record
> in place for IPv4 traffic.. This has resolved the issue for most of the
> cases we have seen for clients.

Not the issue. The SPF is fully correct.

I debugged with Bjørn Bürger (thanks for helping) and found out that the
error is "weist große Ähnlichkeit zu früheren Spam Nachrichten auf". As
I never sent spam at all, it seems that this google crap is a self
fullfilling oracle.

I think it might happen that in past hetzner (my hosting provider) was
in some blacklist. That might have been a reason for past mails to end
in spam folder. Now. as how stupid is the most of gmail users (present
excluded), I think that they just read the mail in the spam folder and
did delete them or just kept them there. As the result, now all new
mails end in spam too.

And I am afraid that there is nothing I can do to solve that. :-(

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Klaus Ethgen via mailop]

Hi,

Am Fr den 24. Jul 2020 um 14:20 schrieb Faisal Misle via mailop:
> I also strongly recommend you start signing with DKIM. You may not have had a 
> use for it, but now you do.

I did it now and fallen in all misstakes one could do.
- First I tried out a ed25519 key. That worked very fast but it seems to
  be not that wide supported.
- Well fine, lets create a RSA 4096. But why the hell is my Bind
  stopping to resolve the zone!? It seems that it is not possible to
  create lines longer than 255 bytes. You have to concate them with
  spaces in between. Well, how good that bind does write that good log
  messages. (NONE!!!)

GRML

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Klaus Ethgen via mailop]

Am Fr den 24. Jul 2020 um 15:34 schrieb Thomas Hochstein via mailop:
> In my experience, most problems concerning mail delivery
> to Google disappear as soon as you deliver mail over ipv4
> (instead of ipv6).

I knew about that issue. But my mail server is still IPv4 only so no
issue for me.

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Jaroslaw Rafa via mailop]

Dnia 24.07.2020 o godz. 16:34:51 Thomas Hochstein via mailop pisze:
> 
> In my experience, most problems concerning mail delivery
> to Google disappear as soon as you deliver mail over ipv4
> (instead of ipv6).

Not true, I was (and am) always delivering mail via IPv4 and had mentioned
problems (and also other people whose complaints I have read don't use IPv6
as well).
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Michael Peddemors via mailop]

This thread pops up every couple months.

We have found that the FIRST thing you need to do is put a sane SPF 
record in place for IPv4 traffic.. This has resolved the issue for most 
of the cases we have seen for clients.




On 2020-07-24 7:44 a.m., Al Iverson via mailop wrote:

This is all good advice, primarily, try IPv4 + DKIM.
The contact process for Gmail is this form:
https://support.google.com/mail/contact/bulk_send_new
Though it is geared toward bulk senders, it might be worth trying.

Also, encourage your friends to provide feedback to Gmail by clicking
on "not spam."
This feedback is used by Gmail to tune their filters.

And though I agree that this does not scale, any friend could choose
to whitelist your emails inside of Gmail by creating a filter to match
your from address and then choosing "never send to spam." I know it's
not great or fair, but this does work.

Cheers,
Al Iverson

On Fri, Jul 24, 2020 at 8:25 AM Faisal Misle via mailop
 wrote:


I also strongly recommend you start signing with DKIM. You may not have had a 
use for it, but now you do.

Best,
Faisal

PGP Key: C8FD029B


On Fri, Jul 24, 2020 at 4:45 AM, Andrew C Aitchison via mailop 
 wrote:

On Fri, 24 Jul 2020, Klaus Ethgen via mailop wrote:


Hi folks,

Recently, I heard often that my mails to friends on gmail ended up in
spam.

As my mails are always plain text, signed by PGP and coming from a mail
server that I can assure is never sending spam or even high amount of
mails, that is not in any blacklist, I wonder, what makes it google to
believe that my mails should be in spam? (On the other side, the left
clear spams sent by amavis, mailchimp or others in the inbox.)


Plain text and low volumes of mail may count *against* you.


Is there any I can do to prevent google to hide the mails from my
friends?

Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
encryption (with a cacert certificate) but I didn't implement DKIM as I
see no use for it.


I suggest you add an appropriate DMARC record(s) to declare your
SPF and DKIM policies.


I do mails for long time now but it is a mystery for me what google is
doing wrong here. As a private person with low traffic mail server I
also have not the power to negotiate this with google.

Regards
Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C



--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop








--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Al Iverson via mailop]

This is all good advice, primarily, try IPv4 + DKIM.
The contact process for Gmail is this form:
https://support.google.com/mail/contact/bulk_send_new
Though it is geared toward bulk senders, it might be worth trying.

Also, encourage your friends to provide feedback to Gmail by clicking
on "not spam."
This feedback is used by Gmail to tune their filters.

And though I agree that this does not scale, any friend could choose
to whitelist your emails inside of Gmail by creating a filter to match
your from address and then choosing "never send to spam." I know it's
not great or fair, but this does work.

Cheers,
Al Iverson

On Fri, Jul 24, 2020 at 8:25 AM Faisal Misle via mailop
 wrote:
>
> I also strongly recommend you start signing with DKIM. You may not have had a 
> use for it, but now you do.
>
> Best,
> Faisal
>
> PGP Key: C8FD029B
>
>
> On Fri, Jul 24, 2020 at 4:45 AM, Andrew C Aitchison via mailop 
>  wrote:
>
> On Fri, 24 Jul 2020, Klaus Ethgen via mailop wrote:
>
> > Hi folks,
> >
> > Recently, I heard often that my mails to friends on gmail ended up in
> > spam.
> >
> > As my mails are always plain text, signed by PGP and coming from a mail
> > server that I can assure is never sending spam or even high amount of
> > mails, that is not in any blacklist, I wonder, what makes it google to
> > believe that my mails should be in spam? (On the other side, the left
> > clear spams sent by amavis, mailchimp or others in the inbox.)
>
> Plain text and low volumes of mail may count *against* you.
>
> > Is there any I can do to prevent google to hide the mails from my
> > friends?
> >
> > Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
> > encryption (with a cacert certificate) but I didn't implement DKIM as I
> > see no use for it.
>
> I suggest you add an appropriate DMARC record(s) to declare your
> SPF and DKIM policies.
>
> > I do mails for long time now but it is a mystery for me what google is
> > doing wrong here. As a private person with low traffic mail server I
> > also have not the power to negotiate this with google.
> >
> > Regards
> > Klaus
> > --
> > Klaus Ethgen http://www.ethgen.ch/
> > pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen 
> > Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
> >
>
> --
> Andrew C. Aitchison Kendal, UK
> and...@aitchison.me.uk
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



-- 
Al Iverson // Wombatmail // Chicago
Song a day! https://www.wombatmail.com
Deliverability! https://spamresource.com
And DNS Tools too! https://xnnd.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Thomas Hochstein via mailop]

Am 2020-07-24 10:54 Klaus Ethgen via mailop wrote:


Recently, I heard often that my mails to friends on gmail
ended up in spam.


[...]


Is there any I can do to prevent google to hide the mails
from my friends?


In my experience, most problems concerning mail delivery
to Google disappear as soon as you deliver mail over ipv4
(instead of ipv6).

See

(German language only).

-thh

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Faisal Misle via mailop]

I also strongly recommend you start signing with DKIM. You may not have had a 
use for it, but now you do.

Best,
Faisal

PGP Key: [C8FD029B](https://pgp.faisal.ec/)

On Fri, Jul 24, 2020 at 4:45 AM, Andrew C Aitchison via mailop 
 wrote:

> On Fri, 24 Jul 2020, Klaus Ethgen via mailop wrote:
>
>> Hi folks,
>>
>> Recently, I heard often that my mails to friends on gmail ended up in
>> spam.
>>
>> As my mails are always plain text, signed by PGP and coming from a mail
>> server that I can assure is never sending spam or even high amount of
>> mails, that is not in any blacklist, I wonder, what makes it google to
>> believe that my mails should be in spam? (On the other side, the left
>> clear spams sent by amavis, mailchimp or others in the inbox.)
>
> Plain text and low volumes of mail may count *against* you.
>
>> Is there any I can do to prevent google to hide the mails from my
>> friends?
>>
>> Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
>> encryption (with a cacert certificate) but I didn't implement DKIM as I
>> see no use for it.
>
> I suggest you add an appropriate DMARC record(s) to declare your
> SPF and DKIM policies.
>
>> I do mails for long time now but it is a mystery for me what google is
>> doing wrong here. As a private person with low traffic mail server I
>> also have not the power to negotiate this with google.
>>
>> Regards
>> Klaus
>> --
>> Klaus Ethgen http://www.ethgen.ch/
>> pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen 
>> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
>>
>
> --
> Andrew C. Aitchison Kendal, UK
> and...@aitchison.me.uk
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] BIMI pilot @ Google

[Jakub Olexa via mailop]

Hi,

the whole VMC process is still being developed and tested (that's what
the pilot is for). I'd say most of the BIMI group members if not all
understand that the VMC needs to be affordable. BIMI has not been
developed for the fortune 100 but for all brands.

Jakub Olexa
Founder & CEO
E-mail: ja...@mailkit.com 
Tel: +420 777 744 440 

Mailkit - Closing the circle between Deliverability and Engagement


On 24.7.2020 15:04, Jonathan Leroy - Inikup via mailop wrote:
> Le mer. 22 juil. 2020 à 14:50, Sidsel Jensen via mailop
>  a écrit :
>> I read today at 
>> https://cloud.google.com/blog/products/g-suite/gsuite-security-updates-for-gmail-meet-chat-and-admin
>>  - that Google/Gmail is starting a BIMI pilot.
>> I hope Google will share the results of the pilot - perhaps at the next 
>> M3AAWG?
> Regarding the certification part: is there any public page listing
> requirements / processes?
> Also I have not found any public prices on DigiCert or Entrust
> websites. Does anyone know if the certification will be affordable for
> (very) small businesses?
>


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] BIMI pilot @ Google

[Jonathan Leroy - Inikup via mailop]

Le mer. 22 juil. 2020 à 14:50, Sidsel Jensen via mailop
 a écrit :
> I read today at 
> https://cloud.google.com/blog/products/g-suite/gsuite-security-updates-for-gmail-meet-chat-and-admin
>  - that Google/Gmail is starting a BIMI pilot.
> I hope Google will share the results of the pilot - perhaps at the next 
> M3AAWG?

Regarding the certification part: is there any public page listing
requirements / processes?
Also I have not found any public prices on DigiCert or Entrust
websites. Does anyone know if the certification will be affordable for
(very) small businesses?

-- 
Jonathan Leroy

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] BIMI pilot @ Google

[Sam Tuke via mailop]

On 23/07/2020 23:21, Nick via mailop wrote:
> On 2020-07-23 21:00 BST, Brandon Long via mailop wrote:
>> If you had a workable idea for how to do this without a new authority
>> and money changing hands, I'm sure everyone involved would love to
>> hear about it> I'm not as sure as you are.  To be part of BIMI is to be in a 
>> relatively
> exclusive club.  That's the whole point.

This is the concerning part -- it seems that BIMI will disadvantage smaller / 
independent mail networks by introducing a new barrier to having their valid 
mail treated equally to their large corporate peers.

Any email verification system which relies on centralised, pay-to-play services 
undermines the decentralised principles of email as a whole, harming equal 
access (and fair treatment) for all players.

Sam.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] BIMI pilot @ Google

[Matthias Leisi via mailop]

> S/MIME offers more traditional digital signatures using CA signed 
> certificates.  I would
> not call that widely deployed, I certainly have never seen it from any 
> marketing/transactional
> mail, maybe once or twice from a medical insurance company.  Support in mail 
> clients is
> fairly widely deployed, possibly more so than DKIM.

Webmail is usually poor in properly showing signature verification. 

One big provider which starts with a „G“ seems to silently ignore attachments 
with „Content-Type: application/pkcs7-signature". :)

(Everything works as it should when accessed over IMAP, no problem there.)

— Matthias


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Jaroslaw Rafa via mailop]

Dnia 24.07.2020 o godz. 09:54:55 Klaus Ethgen via mailop pisze:
> 
> Recently, I heard often that my mails to friends on gmail ended up in
> spam.
> 
> As my mails are always plain text, signed by PGP and coming from a mail
> server that I can assure is never sending spam or even high amount of
> mails, that is not in any blacklist, I wonder, what makes it google to
> believe that my mails should be in spam? (On the other side, the left
> clear spams sent by amavis, mailchimp or others in the inbox.)
[...]
> I do mails for long time now but it is a mystery for me what google is
> doing wrong here. As a private person with low traffic mail server I
> also have not the power to negotiate this with google.

Welcome to the club :(

I experienced this two times in the last year. Many people also wrote here
and on Google forums that they experience the same.

I suppose that they created an AI engine to filter spam that grew too big
and became quite uncontrollable. Even the people who created it aren't
probably completely sure how it works (of course, nobody will ever admit
that).

What I can advise is, first follow Google's sender guidelines:
https://support.google.com/mail/answer/81126?hl=en . They require you to
have SPF, DKIM and DMARC in place - it may be some pain in the ass to do it
if you didn't yet, but I'm afraid you have no other choice. I was also
forced to implement it when I had my issues with Gmail. If it doesn't help
(in my case it didn't), then get the headers of a message that was
mis-classified as spam from one of your recipients (or create a test Gmail
account yourself and send a message to it), and use th Google contact form
to send the headers to them:
https://support.google.com/mail/contact/bulk_send_new . There is no
guarantee that this will help and they even say in this form that there
won't be any reply(!), but that's all you can do.

There is also Brandon from Google on this list, you can try to ask him, but
I'm not sure to what extent he can help.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] BIMI pilot @ Google

[Christian de Larrinaga via mailop]

On 23/07/2020 20:06, Andrew C Aitchison via mailop wrote:




Are there that many IMAP based mail clients which feature contact 
avatars?


Apparently there is a Thunderbird addon 'dkim verify'
which uses the favicon of the signing domain:
https://stackoverflow.com/questions/59465208/thunderbird-icon-in-from
https://addons.thunderbird.net/en-GB/thunderbird/addon/dkim-verifier/versions/
https://github.com/lieser/dkim_verifier/wiki/Options#use-dmarc-to-heuristically-determine-if-an-e-mail-should-be-signed

It is DMARC aware and supports Thunderbird v68 but not yet the latest 
v78.



I installed it on Monday when I pushed focal fossa onto my laptop but 
stuck with an updated v68. It shows a coloured box on the menu bar. 
Green for compliant and Red when not .. blue when it can't check the DNS.


All emails on this list are showing with red DKIM signed boxes

Is this useful? I'd much prefer to see Thunderlink or equivalent which 
Mozilla trashed. That is very useful - even essential. So I may have to 
fall back on gnus... urgh!


C


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[sivasubramanian muthusamy via mailop]

On Fri, Jul 24, 2020 at 2:35 PM Klaus Ethgen via mailop 
wrote:

> Hi folks,
>
> Recently, I heard often that my mails to friends on gmail ended up in
> spam.
>
> As my mails are always plain text, signed by PGP and coming from a mail
> server that I can assure is never sending spam or even high amount of
> mails, that is not in any blacklist, I wonder, what makes it google to
> believe that my mails should be in spam? (On the other side, the left
> clear spams sent by amavis, mailchimp or others in the inbox.)
>
> Is there any I can do to prevent google to hide the mails from my
> friends?
>
> Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
> encryption (with a cacert certificate) but I didn't implement DKIM as I
> see no use for it.
>
> I do mails for long time now but it is a mystery for me what google is
> doing wrong here. As a private person with low traffic mail server I
> also have not the power to negotiate this with google.
>

I don't use PGP, I have no idea what an SPF record is, but I have the same
problem.  Some recipients find some of my gmail messages are marked spam,
does any one here have an email address of gmail to write to ?


>
> Regards
>Klaus
> --
> Klaus Ethgen   http://www.ethgen.ch/
> pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
> Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Andrew C Aitchison via mailop]

On Fri, 24 Jul 2020, Klaus Ethgen via mailop wrote:


Hi folks,

Recently, I heard often that my mails to friends on gmail ended up in
spam.

As my mails are always plain text, signed by PGP and coming from a mail
server that I can assure is never sending spam or even high amount of
mails, that is not in any blacklist, I wonder, what makes it google to
believe that my mails should be in spam? (On the other side, the left
clear spams sent by amavis, mailchimp or others in the inbox.)


Plain text and low volumes of mail may count *against* you.


Is there any I can do to prevent google to hide the mails from my
friends?

Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
encryption (with a cacert certificate) but I didn't implement DKIM as I
see no use for it.


I suggest you add an appropriate DMARC record(s) to declare your
SPF and DKIM policies.


I do mails for long time now but it is a mystery for me what google is
doing wrong here. As a private person with low traffic mail server I
also have not the power to negotiate this with google.

Regards
  Klaus
--
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C



--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Google and Spam detection

[Klaus Ethgen via mailop]

Hi folks,

Recently, I heard often that my mails to friends on gmail ended up in
spam.

As my mails are always plain text, signed by PGP and coming from a mail
server that I can assure is never sending spam or even high amount of
mails, that is not in any blacklist, I wonder, what makes it google to
believe that my mails should be in spam? (On the other side, the left
clear spams sent by amavis, mailchimp or others in the inbox.)

Is there any I can do to prevent google to hide the mails from my
friends?

Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
encryption (with a cacert certificate) but I didn't implement DKIM as I
see no use for it.

I do mails for long time now but it is a mystery for me what google is
doing wrong here. As a private person with low traffic mail server I
also have not the power to negotiate this with google.

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop