[Mailman-Users] Re: Outlook blocked again, but strange response

2024-03-16 Thread Stephen J. Turnbull
Jayson Smith writes:

 > Update: Sometime in the night, my IP was silently removed from
 > Microsoft's block list. I've never had that happen, but all's well
 > that ends well, at least for now.

Thanks for the update.

Yes, that happens, and for those of us trying to support you all, this
lack of transparency on the part of the big email providers is one of
the most annoying aspects.  It leaves us (and you) kind of helpless.

--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/
Member address: arch...@mail-archive.com


[Mailman-Users] Cloudmark blacklist

2024-03-16 Thread Stephen J. Turnbull
Jayson Smith writes:

 > I'm getting really tired of these unexplained blacklistings. Does
 > anyone know of any reliable outgoing Email service providers? 

What do you mean by that?  Gmail for example allows you (or did allow
you 18 months ago) to validate an alternate address through the usual
"can you read this mail and send back a cookie" dance, and use those
validated addresses in From.

Unfortunately, in my experience at least Gmail won't allow you to use
a non-gmail address in From unless you're using their app or browser
client.  Authenticated SMTP to port 587 doesn't cut it for whatever
reason.  The best I could figure out was sending through e.g. Gmail
using From: m...@gmail.com and setting Reply-To.

 > Ideally I want to continue to handle my own incoming Email because
 > I don't want someone else's spam blocking software deciding what
 > Emails I receive.

I don't know of freemail who allows that, unfortunately.  The closest
I know of is Google, as above.


[Mailman-Users] Everything you need to know about SPF/DKIM but are too mad to ask

2024-03-16 Thread Stephen J. Turnbull
Dmitri Maziuk writes:
 > On 3/12/24 11:40, Julian H. Stacey wrote:
 > 
 > > I'm interested what independent mailman-users@ think on technical
 > > issues of DKIM/SPF,

Disclaimer:  I'm not an independent user.  I am a Mailman developer, a
participant in the development of some of the most recent
authentication protocols, and a paid or pro bono consultant on Mailman
to three organizations without which the Internet as we know it would
not exist (in some exaggerated sense, but it's true ;-).

 > It's only stopping the small mom-and-pop spammers.

DKIM and SPF are not about stopping spam.  They can't be, all they are
is authentication of sending hosts.  Most sending hosts are multiuser,
so stopping spam has to be done by filtering by recipients.

What these protocols do is provide a way to enable trusted senders to
reliably get their mail through.  As we see from the OP in this
thread, that's aspirational, you can do everything according to the
stated rules and still get blacklisted, but that's what conforming to
protocols can do in theory (and often in practice).  And in fact the
default is to trust (at least to the extent that the recipient reads
your mail to decide based on content whether it's spam instead of
slamming the door on MAIL FROM).

 > And mailman users.

Wrong.  It's *enabling* Mailman users.  If you're using email to
communicate with people who would NOT be using email if it weren't for
Minitel, AOL, Gmail, and Outlook365[1], grow up: you have to take the
bad with the good.

As long as there are legitimate mom-and-pop shops that don't
participate in authentication protocols, the spammers can infiltrate
those mail flows because those legit sources are indistinguishable
from spammers "warming an IP", as big "ethical spammers" like
SalesForce call it.  If you're not participating in these protocols,
you're helping to enable spam.[2]

I'm not saying there aren't (more or less) legitimate reasons for not
participating, at least locally.  For example, the host that I use to
communicate with students doesn't.  I did use the university outgoing
gateway at first, but I had to go to direct mail because they kept
marking my terse homework submission acknowledgement emails as spam, I
think it was mistaking the submission's Message-ID and other non-
verbal data for URLs and profiling codes.  Of course if you go up a
level that's on the university (for one thing, they refused to add SPF
and DKIM records for my subdomain).[3]

But most of the time we can do it without great cost.  Sure, it's an
annoyance, and it's tricky to get set up correctly.  But once you have
your SPF, DKIM, and DMARC records set up, and your certificates lined
up, there's very little maintenance.  The university won't give me a
certificate for my website for some reason, but so what, LetsEncrypt
will, and I don't need a cert that's trusted by people who don't know
me.  (I used self-signed for a while but LetsEncrypt is even easier.)

Right now I'm doing a 2->3 migration for a medium-size organization
that's leaving a coloc host for the cloud, and so they have to give up
their IPs.  Guess what?  SPF and DKIM means their reputation is going
to be quite portable to the new IPs.  Of course reputation at that
level is really only meaningful for recipients at -- you won't believe
this -- those big "oppressive" providers like Google and Microsoft who
can afford massive ML systems to maintain site profiles.  That's not a
benefit you get everyday, but in this situation it's big.

I get the feeling that "I'm not a spammer, why do I have to pay this
cost?" too.  But that's part of being an adult -- you sometimes have
to clean up others' messes.  The SPF-DKIM-DMARC-ARC dance is just not
a very high cost to pay for the vast majority of us, and it's not even
all that expensive to buy in the market (but I'm gonna be damned if I
don't do my own and you probably feel that way too :-).  And it's not
just Google and Microsoft that benefit.  We do too.

If you want to complain about the big freemail and corporate
providers, there are *plenty* of valid complaints.  Complete lack of
transparency, unresponsive service, failure to follow published rules,
imposing high error rates on non-customers and then blaming lost mail
on the sender, etc, etc.  But asking us to do the minimum to
authenticate if we want them to extend trust when our content triggers
a false positive isn't one of them.[4]

Steve


Footnotes: 
[1]  And you are -- the complaint was that Google forces you, but
that's wrong -- the Gmail users on your lists are the assholes for
using Gmail, OK?

[2]  And at scale: at one point in early 2014 Yahoo was receiving
sustained flows of spam over 1 million per minute, according to a
Yahoo admin I personally trust because she gave me a kitten once. :-)
She reported that that campaign didn't even try once Yahoo put a
p=reject DMARC policy in place.

[3]  I do have some sympathy for the postmasters because "it's always
September on the Internet."

[4]  And
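
An added example, not part of the original message or of Mailman: a simplified DMARC evaluation showing that an aligned DKIM pass does not depend on the sending IP, and what a p=reject policy does to mail that authenticates as neither. The record, domains and function names are constructed for illustration; the last-two-labels organizational domain is an assumption.

```python
# Added illustration, not code from the thread. Simplified DMARC check (RFC 7489).
# Assumptions: organizational domain = last two labels (real code uses the
# Public Suffix List); the pct= and sp= tags are ignored.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC policy."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" and "p" in tags else None

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), anything else = relaxed (same org domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_domain, spf, dkim, record):
    """spf: (result, MAIL FROM domain); dkim: list of (result, d= domain)."""
    policy = parse_dmarc(record)
    if policy is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, policy.get("aspf", "r"))
    dkim_ok = any(result == "pass" and aligned(d, from_domain, policy.get("adkim", "r"))
                  for result, d in dkim)
    return "pass" if spf_ok or dkim_ok else policy["p"].lower()

# Constructed sample data (example.org / example.net are reserved names).
RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r"

def demo():
    return {
        # Mail from the old IP: SPF and DKIM both pass and align.
        "old_ip": dmarc_disposition("example.org", ("pass", "example.org"),
                                    [("pass", "lists.example.org")], RECORD),
        # Same domain on a new IP not yet in the SPF record: DKIM still carries it.
        "new_ip": dmarc_disposition("example.org", ("fail", "example.org"),
                                    [("pass", "example.org")], RECORD),
        # Third party using example.org in From: SPF passes for its own domain only.
        "unaligned": dmarc_disposition("example.org", ("pass", "example.net"),
                                       [], RECORD),
    }

if __name__ == "__main__":
    print(demo())
```
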

[Mailman-Users] Re: Cloudmark blacklist

2024-03-16 Thread Jayson Smith

Hi,

What I mean is that I'd love to find a good, reliable smarthost I can 
direct my SMTP server on my VPS to use. I've heard knowledgeable friends 
say over and over and over again, "Anyone who runs their own Email 
server is just asking for trouble, it's not worth it any more." The real 
problem I'm seeing is that seemingly within the last few years, at least 
some VPS providers (Linode and Digital Ocean for sure) have started 
getting entire IP ranges put on blocklists. My first experience of being 
put on UCEPROTECT level 3 was on January 20, 2021, and a few weeks ago 
my IP wound up on UCEPROTECT level 2. Yes, I know how the UCEPROTECT 
lists work, but the point is that I never used to find my IP on those 
lists, but now it happens every few months. I have to think something 
has happened to cause more spammers to use these providers.


As for incoming Email, I'd like for my own SMTP server to be able to 
continue handling it. The reason is that I don't want some other Email 
provider's spam blocking software deciding what I get to see. I have 
some incoming spam control measures in place for specific Email 
addresses that tend to receive a lot of spam, but for me and my family 
members, everything gets through. Yes this means we get incoming spam 
that comes our way, but it also means we don't have to worry about an 
important incoming message going missing because it was sent to the spam 
folder or silently discarded.


Thanks for any thoughts,

Jayson
