Re: [mailop] Are there other comparable services like spamcop.net / spamhaus.org?

On Wed, 3 Apr 2024, Laura Atkins wrote: They do not accept third party samples and never have. They are now. https://submit.spamhaus.org/ Huh. Nobody tells me nothin'. Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading

Re: [mailop] One click unsubscribe in mailing list messages

On Sun, 25 Feb 2024, Ken O'Driscoll wrote: Outlook has supported list-unsubscribe for at least a year, if not longer. But, it's an add-on you need to proactively install so... I'm looking at the list of add-ins and I don't see it. Maybe it's Windows only and I'm on a Mac? R's, John It

Re: [mailop] Is forwarding to Gmail basically dead?

Frustratingly, some see DKIM as too complicated and they run their own mail servers and simply won't set it up. I agree that it's annoying to do ... but it's become pretty close to necessary these days. The users with the worst problems were my local town government who were getting mail from

Re: [mailop] [E] Re: Spamfolder mini rant (Was: Contact Google Postmaster)

That’s not the only option they offer. While they might use POP3 for most accounts in the ancient “import” flow, they do support adding 3rd party accounts properly via IMAP via their Gmailify feature. Oh, OK. That only works for a handful of large providers. For my users it says too bad, POP

Re: [mailop] ECDSA DKIM validation?

On Thu, 21 Dec 2023, Stuart Henderson wrote: If you've had to talk someone not very technical through adding a DKIM RSA key to a poorly implemented web interface from some cheap DNS provider that doesn't handle long TXT records, you might feel differently. I take your point but I can only have

Re: [mailop] ECDSA DKIM validation?

On Thu, 21 Dec 2023, Mike Hillyer wrote: John Said: I'm sure that Google has code somewhere that can validate ED25519 signatures. But that does not mean that it would be a good idea for them to use that code in production today and try to update their reputation systems to deal with the dual

Re: [mailop] ECDSA DKIM validation?

On Thu 21/Dec/2023 10:37:52 +0100 John Levine via mailop wrote: Yes, your code should handle them. No, that doesn't mean you should sign with them. Yup. The question was why Gmail doesn't /verify/ ed25519 signatures. Answering that they do so because it's not necessary to use them doesn't

Re: [mailop] dnsbl.spam.fail

I also block most mail from Hetzner's network. It's not a vendetta, it's not extortion, it's purely practical. My time is not unlimited, the vast majority of the mail from that network is spam and if a tiny bit of real mail gets lost, so be it. It is not worth my time to make exceptions in my

Re: [mailop] Gmail says "Message bounced due to organizational settings."

I'm doing some work for arxiv.org, the preprint server at Cornell university. Many gmail users have reported that when they try to send mail to arxiv.org addresses to update their subscriptions, it fails saying Message Blocked, with the explanation "Message bounced due to organizational

Re: [mailop] greylisting, SendGrid is deleting your mail

Do you have any idea how many of those would be tripped up by a Postfix-style banner delay? Good question. I've been meaning to add a greet pause but haven't yet gotten around to it. I got around to it and now do a greet pause before I greylist. Most of the hosts on the Spamhaus BLs are

Re: [mailop] SPF: Does include: a host without TXT entry invalidate the whole SPF entry?

If you don't care enough to publish a valid SPF record, why should we think you care whether we deliver your mail? The customer in question used an ESP to send marketing emails. That ESP told him what host to include in his SPF record. Probably some years later, that ESP changed domain and

Re: [mailop] push and pull, Microsoft Office365 not rejecting emails when instructed so by SPF recored?

Not really.  Partly it's that they don't want to send stuff by SMTP where a glitch could bounce the statement into some random admin's mailbox or a spam scanner might do who knows what with it.  But mostly it's that they want to train their users to use a web browser with an SSL connection to

Re: [mailop] push and pull, Microsoft Office365 not rejecting emails when instructed so by SPF recored?

On Tue, 30 May 2023, post...@sfina.com wrote: https://cr.yp.to/im2000.html You can tell from its name how long ago it was, and from the fact that you never heard of it before how successful it was. If I may respectfully encourage you to look at how you receive your online banking statements,

Re: [mailop] address rewriting, Thoughts on envelope address local-part length limits

On Mon, 15 May 2023, Brandon Long wrote: Yes, VERP and SRS are the two most obvious cases where their design inherently doesn't work with the limit (encoding the full email address into the mailbox portion) You'd need to either get fancy with the domain portion, which has its own complications

Re: [mailop] SPF behavior on email forwarding

In other words, SPF check is not something what helps with SPAM here, seems that spammers adapted to it... As far as I know, SPF was never meant as an anti-spam measure. It was most definitely touted as an anti-spam measure. Some of us were there. Absolutely. Spent time listening to Meng

Re: [mailop] Mailing Lists and domains with DMARC reject

Would a MUA send a POST to a known domain if it was found on a message coming from an unknown, or anyway different domain? Maybe.  It's quite common for a message to come from some company and the links to point back to the ESP. Isn't it difficult to agree on opaque tokens in that case?

Re: [mailop] Mailing Lists and domains with DMARC reject

Yes, the idea was to prevent malicious unsubs by sending fake spam with someone else's one-click unsub. Would a MUA send a POST to a known domain if it was found on a message coming from an unknown, or anyway different domain? Maybe. It's quite common for a message to come from some company

Re: [mailop] Mailing Lists and domains with DMARC reject

Yeah, RFC4871 was a proposed standard, RFC6376, four years later became an Internet standard. Once there was a level in between... Seems that 4 years was not enough ;-) Or we understand idea behind that RFC wrongly... Keep in mind that DMARC was invented long after SPF and DKIM. Also that

Re: [mailop] warming up IPs, Microsoft?

Huh. We don't have any issues sending email to them from Linode, including a small number from one of our new IP addresses I've been trying to warm up. Linode has a bunch of different IP address blocks and I would expect recipients to block the ones that send annoying amounts of spam. That's

Re: [mailop] warming up IPs, Microsoft?

It also occurs to me that you don't need to do your computing and mail on the same VM. Mail is rather lightweight so you could run a mail server at Tektonic, and send messages from other places via port 587 submission. On Sun, 5 Mar 2023, Mark Fletcher wrote: On Sun, Mar 5, 2023 at 10:20 AM

Re: [mailop] warming up IPs, Microsoft?

Thanks for the recommendation; unfortunately they wouldn't work for us. Their largest VM is less than half the size we would need for our databases, also they don't appear to have an API to provision new VMs. If you need a big VM there's always AWS. They do a surprisingly good job of

Re: [mailop] warming up IPs, Microsoft?

On Sun, 5 Mar 2023, Mark Fletcher wrote: Best I can tell, in our 9+ years, being hosted by Linode has never been an issue wrt deliverability, and as a hosting provider, they've been nothing but responsive and reliable. That said, they were recently bought by Akamai, and have just raised prices.

Re: [mailop] Does gmail accept unicode character in From domain? I don't think so

It occurs to me that if you only have a handful of addresses with accented Latin characters, they are probably typos, not real addresses. Unless you're sending mail to south or southeast Asia, just get rid of them. On Fri, 3 Mar 2023, Alex Burch wrote: Thanks everyone. Is there any reason

Re: [mailop] Does gmail accept unicode character in From domain? I don't think so

We are an ESP and we have a lot of customers who send with characters like ü or á, usually in the local part but occasionally in the domain. I think if we converted all from addresses to pure ascii punycode, we'd solve our problems rather than trying to keep them unicode and rely on SMTPUTF8

Re: [mailop] Does gmail accept unicode character in From domain? I don't think so

Thanks everyone. Is there any reason not to just always use punycode for the domain and keep it pure ascii? Seems safer that way. Are there any known risks to doing that? "Always" in what context? The whole point of IDNs and EAI is so that people who don't speak English can use mail addresses

Re: [mailop] Mail Sending Self-Test Platform

Still, i am a bit wondering; Looking at the data flushed in so far (and already multiple bugs filed against implementations)... there are a lot of funny milters and often unmaintained software integrated in funny docker stacks (probably preaching to the choir there, but i have a lot of grievances

Re: [mailop] Mail Sending Self-Test Platform

dmarcv1 is a typo in the description (i correctly check for DMARC1, otherwise this would have shown up earlier); ?? The actual complaint is psd=n; Lemme see if i can make the report more clear re: where it complained. Do you maybe have some context on psd=n? I can't find it in 7489. It's in

Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

On Fri, 16 Sep 2022, Brandon Long wrote: For thirty years we all used mailing lists that didn't mess with the author's name or address, so you could easily reply eiher to the authors or the list (and please don't mansplain to me what Reply-To does.) That stopped working when AOL and Yahoo

Re: [mailop] FW: Did Google become stricter about RFC 5322?

On Fri, 15 Jul 2022, Michael Ellis wrote: The body text lines are likely more than 998 characters. They have a feature to break long lines but they didn't enable it. The headers lines will all be well below 998 characters. That's probably what's wrong. 5322 says all the lines, not just the

Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List

Note that, in spite of DMARC, we still do not have per-user authentication. We have at least two flavors in PGP and S/MIME, When something exists for 30 years and has market penetration that cannot even rise to the level of being called 'meager'. /WE/ -- it, the Internet community -- does

Re: [mailop] Spamhaus: Get more details about LISTING (Could a DMARC Report Address point to a spamtrap)?

On Tue, 17 May 2022, Tobias Fiebig wrote: However, judging from the state of DMARC reporting by the bounces hitting my report-from (_large_ orgs having non existent mailboxes in there etc.), I'd argue that the only thing that prevents ruf/rua that are stale for a decade is the age of RFC7489.

Re: [mailop] SMTP line wrapping breaking DKIM signatures when forwarding

On Thu, 28 Apr 2022, Dave Crocker wrote: Actually, for the current discussion, there is only a single issue: Should an intermediate relay get fussy and modify the substance of a message? That is one way to look at it, but as I said in the message you just replied to, in this case not

Re: [mailop] DKIM by the third party

My main point is this: ESPs and other 3rd party SMTP services - should be aware that using an SPF record that validates against the provider's domain in the SMTP envelope-FROM (and not the actual client's domain) - AND ALSO - having only one DKIM record which uses the provider's domain in the

Re: [mailop] Fwd: RFC 9228 on Delivered-To Email Header Field

On Thu, 14 Apr 2022, Dave Crocker wrote: Without knowing what mail software your provider is running, there is no way to tell. The benefit of an over-the-wire approach to specification writing is that all that matters is what goes... over the wire. One does not need to know the 'intent' or

Re: [mailop] not a way to do abuse contacts, What am I supposed to do with abuse complaints on legit mail?

On Mon, 17 Jan 2022, Dan Mahoney wrote: It is quite simple to use RDAP to get the abuse contact email for anyone who has provided the info to their RIR. I do it all the time. The problem is that too many operators don't bother. If they don't tell the RIR, they are not likely to spend effort

[mailop] Sendgrid spam of the day -- crypto.com phish

For full headers see http://spample.iecc.com/eam/23683557 R's, John -- Forwarded message -- Date: Fri, 31 Dec 2021 20:36:03 From: Crypto.com To: i...@taugh.com Subject: Case ID 23045 -Important Notice: Update Your Account [8fGHc0PkvWohUASUVORK5CYII=] Dear Valued Customer,

Re: [mailop] Privacy research spam apparently from a grad student at Princeton

Which domain? Feel free to encode it out as need be. It was in my first message: From: Privacy Practices Registered at Namecheap, mail sent from AWS R's, John On Dec 14, 2021, at 6:49 PM, John Levine via mailop wrote: It appears that Simon Arlott via mailop said: On 14/12/2021

[mailop] Privacy research spam apparently from a grad student at Princeton

I got a couple of copies of this message to addresses scraped off my websites. It was sent from AWS cloud using a recently registered domain so it's likely a phish, but "Ross Teixeira" is a real person, a grad student at Princeton. Needless to say, sending blasts of spam to scraped addresses

[mailop] Bonus sendgrid spam of the day

Same outfit, same spamtrap address, this time touting our pals at AARP. So who is https://www.ninesevenpebble.com/ ? Full spam at http://spample.iecc.com/saa/23681599 Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this

[mailop] Sendgrid spam of the day

Sent to an address that has never been real but has been getting a lot of spam recently, touting insurance via one of those fake review sites that collects affiliate fees. Full copy here: http://spample.iecc.com/sys/23681598 Regards, John Levine, jo...@taugh.com, Taughannock Networks,

Re: [mailop] WhatCounts/Costco silliness

From memory, I believe ... Why are you guessing? The CAN SPAM law and the FTC's CAN SPAM rule are easy to find online. lot of mail programs now recognize List-Unsubscribe and give you an option in the frame of the message which is easier to recognize 1. But others do not Well, if you

Re: [mailop] WhatCounts/Costco silliness

List-Unsubscribe: List-Unsubscribe-Post: List-Unsubscribe=One-Click I don't know which fools to blame; The client Costco, or their ESP WhatCounts. Perhaps both. Definitely both. I don't work for or with WhatCounts, but I know who does, so I nudged

Re: [mailop] how SSL works, was IMAP and SMTP in the same or separated IPs?

On Fri, 15 Oct 2021, Michael wrote: I prefer to think that the company I pay $$ to for a cert, makes enough they don't have to sell our data. Remember, each lookup against Let's Encrypt shares information, that can be resold. Sorry, but that is simply wrong. It's not how SSL works. The

[mailop] Gosh I love sendgrid

Today's phish, sent directly from sendgrid to my father who has been dead since 2019. Relevant Received headers in the unlikely event anyone might want to track it down: Received: from o3.ptr4431.ordersnapp.com (o3.ptr4431.ordersnapp.com [167.89.47.140]) by mail1.iecc.com ([64.57.183.56])

Re: [mailop] DMARC: Anyone using pct=n with n !=0 and n !=100?

On Mon, 23 Aug 2021, A. Schulze wrote: Am 21.08.2021 um 20:30 schrieb John Levine: It appears that A. Schulze via mailop said: We review the reports once per month and inverstigate findings Depending on the current situation we plan to increase pct= If you mean the DMARC aggregate and

Re: [mailop] m-365 still works like a spammer !

On Sat, 24 Jul 2021, Lukas Tribus wrote: See SPF-aware greylisting: https://poolp.org/posts/2019-12-01/spf-aware-greylisting-and-filter-greylist/ Interesting idea, might try it sometime, but on my small system fuzzing IPs works well enough. I do have a whitelist but I find I only need to

Re: [mailop] DMARC Reject

Remember that when you publish p=reject, you're saying your mail is very UNimportant. If there's any doubt that a message is really from you, don't deliver it, throw it away. This makes sense if you are Paypal, you're phished 24/7/365, and your mail only says "something happened, look at

Re: [mailop] So how do you actually manage to send mails to outlook/hotmail?

On Mon, 12 Jul 2021, Marcus Hoffmann wrote: (Others at Hetzner seem to do fine. I really do not get the whole rating IP neighborhoods thing, but let's not get into that again. I can't change it anyway.) I can only speak for myself, but I have all of Hetzner's IPs routed into the spam trap,

Re: [mailop] Greylisting never passing on retry

On Wed, 21 Apr 2021, Peter Nicolai Mathias Hansteen wrote: SMTP was defined in the late 1970s and we didn't invent greylisting until about 2003. I don't think you can blame them for not being clairvoyant. No clairvoyance was required for taking account of greylisting in the 2008 update that

Re: [mailop] SPF prevents enabling IPv4+IPv6?

On Tue, 2 Mar 2021, Otto J. Makela wrote: Unfortunately, RFC 7208 section 4.6.4 DNS Lookup limits also states: As described at the end of Section 11.1, there may be cases where it is useful to limit the number of "terms" for which DNS queries return either a positive answer (RCODE 0) with

Re: [mailop] Spamhaus Public Mirror Error Return Code Update

On Tue, 16 Feb 2021, Alessandro Vesely wrote: rcode[*], such as FORMERR/ REFUSED, possibly followed by a more precise extended error code[†]. Except that REFUSED means something else, When Spamhaus sends REFUSED, it means you're trying to query a server than only paying customers can use,

Re: [mailop] What's the point of secondary MX servers?

Unfortunately, many sending clients (newsletters, announcements, etc.) do not retry if the initial delivery fails. That's impressively broken. Do you have specific examples? Back when I was tuning my greylister I found some rather strange retries, but I don't recall many senders that didn't

Re: [mailop] What's the point of secondary MX servers?

I use minger to validate secondary mx with the primary for account validity, is that not common then? If the primary is up, why would anyone be sending mail to the secondary? R's, John Sent from my iPad On 17 Dec 2020, at 21:28, John Levine via mailop wrote: As we all know, MX records

Re: [mailop] Google and Spam detection

Gmail has repeatedly said that they do not accept unauthenticated mail on IPv6. And with very good reason. Consider that you can very easily have a dedicated IP address for every email message you will ever send :-) Of course. Doesn't everyone do that? Regards, John Levine,

Re: [mailop] Rolling DKIM Key Disclosure

"Sorry, I think what you're looking for isnt useful, you're misinformed" isn't exactly a useful response when someone, especially a customer, asks for something, sadly. So what do you say when they demand 100% inbox placement and the ability to remotely delete mail they've already sent?

Re: [mailop] Rolling DKIM Key Disclosure

Hmm? SSS/TLS has never signed the content of a website. It only authenticates temporary symmetric encryption keys which are used to encrypt (not sign) the contents. Aw, come on. Web servers send a certificate at the beginning of the transaction. If I cared, it would take about 10 seconds to

Re: [mailop] Is Gmails DMARC check broken?

In article <947f2235-ae10-47b5-90cd-f096d5648...@wordtothewise.com> you write: Why is Google applying a strict reject when the policy is p=none? It is my understanding that Google requires all IPv6 mail to be SPF or DKIM authenticated with or without DMARC. The "aspf=s" is probably the

Re: [mailop] what is spam was Re: [External] Re: Horrible week for email deliverability - Looking for help with RackSpace/Emailsrvr

On Fri, 27 Mar 2020, Kevin A. McGrail wrote: And I take a the approach that there are implicit consent in transactions.  For example, you buy something from XYZ big box store's website.  There is a 100% implicit consent that you can receive emails about that order such as a receipt and shipping

Re: [mailop] [External] Re: Horrible week for email deliverability - Looking for help with RackSpace/Emailsrvr

Messages of all type but not a single feedback loop complaint.  These are definitely FPs as I disagree with your statement that a notice about COVID-19 from someone who signed up to a list would be false positives. ?? These are confirmed, opt-in customer / community lists.  Things like Fire

Re: [mailop] [EXTERNAL] Strange MIME headers from Microsoft

Yeah, looking for someone to have a peek at that. Rather Strange, to say the least. I looked at the logs, there's quite a few, all seem from outlook hosted accounts. -Original Message- From: mailop On Behalf Of John Levine via mailop Sent: Friday, March 6, 2020 9:35 AM To:

Re: [mailop] [FEEDBACK] whose address, was Approach to dealing with List Washing services, industry feedback..

message (this time to the correct address), it will end up in the recipient's spam folder, without them knowing why. Don't do it to them. Just delete those messages, don't put them to spam. I disagree. If the sender wants eyeballs to see their emails, they need some incentive to put in place

Re: [mailop] BIMI

On Tue, 10 Dec 2019, Brandon Long wrote: I guess it depends on how small. It's also that it's kind of self limiting, in the sense that if it's expensive enough that only few do it, then it doesn't have the same perceived bad effects like it would if 99% of mail had it. I think it could be a

Re: [mailop] Gmail marking email from me as spam

Are they still fundamentally constrained by their choice of network provider, despite complying with every possible security and delivery behaviour to warrant and verify the content and sender of every email? Yes. Remember, nobody else cares as much about the mail you send as you do. Has the

Re: [mailop] Gmail marking email from me as spam

It's a basic mistake to operate on whole netblocks and not individual senders. i somewhat disagree There are definitely networks that are so dirty that it's not worth accepting their mail. OVH hovers on the bad side of that line. If I were more interested in getting my mail to work than

Re: [mailop] Gmail marking email from me as spam

Just because you should by default accept mail from everyone *unless* the sender proved to be nasty/harmful/mailicious etc.? what if the look quite plausibly harmful? Right. I didn't get the message you were responding to, so I looked in the logs and see the IP is in the middle of a block

Re: [mailop] Anyone on this List with Access to Amazon SES Maillogs?

Hi, this is very odd, could you send a traceroute to those IPv6 destinations? I can confirm the servers do NOT refuse IPv6 connections. I suppose there is a transit problem from certain ISP. No, you're refusing the connections. When I connect via an IPv6 tunnel from HE you refuse the