On 2022-02-09 14:33, Aki Tuomi wrote:

We did that replacement for a while, but people complained. We have ARC signing there, unfortunately it only works if you trust it.

ARC-Authentication-Results: i=1; talvi.dovecot.org; dkim=pass header.d=open-xchange.com header.s=201705 header.b=kWkbHwXq; dmarc=pass (policy=reject) header.from=open-xchange.com; spf=pass (talvi.dovecot.org: domain of aki.tuomi@open-xchange.com designates 87.191.57.183 as permitted sender) smtp.mailfrom=aki.tuomi@open-xchange.com

X-Spam-Status: No, score=-6.4 required=5.0 tests=AWL,DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,KAM_DMARC_STATUS,LOCAL_HASHWL_ALL, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_HOSTKARMA_W, RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no

seems it breaks :/

Le 09/02/2022 à 16:55, Benny Pedersen a écrit :

hope maillist users turn there dkim signers into sign only, not verify aswell, verify must only happen in dmarc

I am a little bit confused.

• why not verify dkim ? It seems fine for your message. I get:

Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=94.237.105.223; helo=talvi.dovecot.org; envelope-from=dovecot-bounces@dovecot.org; receiver=<UNKNOWN> Authentication-Results: OpenDMARC; dmarc=pass (p=none dis=none) header.from=junc.eu Authentication-Results: vps2.salort.eu; dkim=pass (2048-bit key; secure) header.d=junc.eu header.i=@junc.eu header.a=rsa-sha256 header.s=default header.b=CC9G/2tV; dkim-atps=neutral

• Is it useful to install something besides OpenDMARC (OpenARC ?), or some dedicated OpenDMARC configurations, for the ARC-Seal to be useful ?

I suppose SPF works because the Envelope is correctly set to dovecot.org address, so I don't understand the problem the OP was mentionning.

Cheers,

Julien

when dkim pass there is no breakage, but dkim fail can lead to in some setups to make reject, even for maillists that is a design fail on dkim

I disagree. DKIM is doing its job. It is a design fail on the part of most mailing list and/or lack of user's DKIM signatures.

Look at it logically, DKIM is reporting that the email has been manipulated and isn't being delivered by the authorized server. Isn't that what you want out of DKIM? Detecting forged, phishing and spam email?

If you want to get emails that have been captured by a man in the middle, manipulated, then sent to you from a hackers server then why bother setting up DKIM at all? To us humans, we don't conceptually view a mailing list as doing that, but on the technical level that is what is happening when DMARC breaks.

It is possible for a mailing list to pass DMARC verification, but there doesn't seem to be a lot of motivation to put in the extra effort to make it work.

Regarding ARC; I don't get it, i don't see it as useful. The only thing ARC does is tell you that the server sending you email promises the email is legit. How does that prevent spam/phishing when the attack server can ARC something saying trust me its legit? And the big 3 using ARC, so what, what does it even mean? Gmail is telling you yep they got that email from someone else and are relaying it to you. What does that solve? Spammers send through gmail accounts and use private domains relayed through gmail servers for delivery. Great, ARC confirms it really was someone who sent that spam through gmail and gmail really did deliver it. How is that useful in fighting spam?

If im way off on that, feel free to set me straight.

Google, Yahoo and Microsoft, the big providers all use ARC, and have used it for years. But Wikipedia doesn't have much nice to say about it.

--> allows a receiving service to validate an email when the email's SPF and DKIM records are rendered invalid by an intermediate server's processing. ARC is defined in RFC 8617, published in July 2019, as "Experimental".

It sounds like a Microsoft/Google/corporate standard, not IETF. I do seem to have trouble communicating with insurance companies' email systems in particular when I'm not using ARC on my email system, but outside the insurance industry -- and I'm making an educated guess that they are the main sticklers -- it doesn't seem to be a problem if SPF, DKIM, and DMARC are all working.

On February 9, 2022 6:16:19 AM AKST, Benny Pedersen me@junc.eu wrote:

On 2022-02-09 14:33, Aki Tuomi wrote:

...

We did that replacement for a while, but people complained. We have ARC signing there, unfortunately it only works if you trust it.

ARC-Authentication-Results: i=1; talvi.dovecot.org; dkim=pass header.d=open-xchange.com header.s=201705 header.b=kWkbHwXq; dmarc=pass (policy=reject) header.from=open-xchange.com; spf=pass (talvi.dovecot.org: domain of aki.tuomi@open-xchange.com designates 87.191.57.183 as permitted sender) smtp.mailfrom=aki.tuomi@open-xchange.com

X-Spam-Status: No, score=-6.4 required=5.0 tests=AWL,DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,KAM_DMARC_STATUS,LOCAL_HASHWL_ALL, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_HOSTKARMA_W, RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no

seems it breaks :/

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.

Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).

How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages.

On 11.02.2022 16:31, Marc wrote:

...

Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).

How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages. DKIM is signing of headers. DMARC is policy (like "This domain must sign all messages with DKIM, no exceptions, and has strict SFP") and reporting mechanism for other hosts ("We get mail from you and this message violates declared policy of your domain").

As I get these reports, it means that messages from "my domain" (really, forwarded by mailing list software) violate policies set by my domain. It means, my domain is compromised somehow.

-- // Black Lion AKA Lev Serebryakov

hi@zakaria.website skrev den 2022-09-13 14:03:

least to must pass Signature Verification. Have anyone managed to configure EXIM to verify more than one DKIM Signature header?

postfix smtpd_milter_maps with a list of ips that is known maillists ips is best for software that are brokken, use DISABLE as results pr ip that is maillist ips, that will disabled opendmarc and other milters when client ip is a maillist, postfix be happy until trusted domain have updated and stable milters

use rspamd if possible, with is imho the only stable milters with solve it all, i hate to write that but it might be right for time being, while spamassassin v4 is on the way

On 2022-09-13 13:10, Benny Pedersen wrote:

hi@zakaria.website skrev den 2022-09-13 14:03:

...

least to must pass Signature Verification. Have anyone managed to configure EXIM to verify more than one DKIM Signature header?

postfix smtpd_milter_maps with a list of ips that is known maillists ips is best for software that are brokken, use DISABLE as results pr ip that is maillist ips, that will disabled opendmarc and other milters when client ip is a maillist, postfix be happy until trusted domain have updated and stable milters

use rspamd if possible, with is imho the only stable milters with solve it all, i hate to write that but it might be right for time being, while spamassassin v4 is on the way

Another update yet with a solution.

I found the causing issue with DKIM and DMARC failure when a signed email pass through mailing list such as dovecot as I expected, it has nothing to do with the mailing list but it's to do with DKIM signing headers set. It's due to one of or several headers in the DKIM signing set, getting added or modified after signing at dovecot end.

Anyhow, here is the DKIM signing headers set in this mailing list, that it should work and it will prevent the batch of DMARC emails and bad signature from happening again.

from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references

Thanks to my friend who didnt need a credit, and helped me out in reaching this solution.

Zakaria.

On 2022-10-11 14:05, Benny Pedersen wrote:

hi@zakaria.website skrev den 2022-10-11 13:42:

...

On 2022-09-13 13:10, Benny Pedersen wrote:

...

hi@zakaria.website skrev den 2022-09-13 14:03:

...

from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references

Thanks to my friend who didnt need a credit, and helped me out in reaching this solution.

i have no frinds, but it might be related https://gitlab.com/fumail/fuglu/-/issues/262

with my conservative list of signed headers it pass

Indeed, it's because you set the following headers in dkim signing headers:-

from : subject : date : to : message-id

Although not sure why you've added some space, as per standards I think only colon separated list its the compliant format like the following:-

from:subject:date:to:message-id

Anyhow this is my final update, the previous headers set which I included wasnt perfect as cc header was causing a trouble, given it can fail at some point e.g. when replying more than one time to the same recipient through a mailing list, and mind me OX and iRedMail, I had to check your signing headers set, hopefully you are ok for me to present it here as the optimal one to avoid DKIM failures:-

OX:- Date:From:To:In-Reply-To:References:Subject:From

IRM:- x-mailer:message-id:in-reply-to:to:references:date:subject :mime-version:content-transfer-encoding:content-type:from

iRedMail seems to be the best headers set given it includes X-Mailer header, which enhances signature validity, when client uses specific mail client app, although it can be faked yet one must know which client app the sender would use and if was able to have information to this length I guess signature validity would be an easy task to break it further.

Also, I was advised by a friend to duplicate the signing headers in order to disallow spoofing signature further, while I couldnt see how nor populate a proof of concept, I removed it but if someone understand it, I would appreciate their elaboration, surely with thanks :)

Good luck.

Zakaria.

On 10/11/22 07:42, hi@zakaria.website wrote:

Another update yet with a solution.

I found the causing issue with DKIM and DMARC failure when a signed email pass through mailing list such as dovecot as I expected, it has nothing to do with the mailing list but it's to do with DKIM signing headers set. It's due to one of or several headers in the DKIM signing set, getting added or modified after signing at dovecot end.

Anyhow, here is the DKIM signing headers set in this mailing list, that it should work and it will prevent the batch of DMARC emails and bad signature from happening again.

from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references Please forgive me for jumping in, but I just noticed this. I (like many others) have issues with mailing lists and the flurry of DMARC emails after posting. I'm using OpenDKIM. There's a lot of material out there about proper configuration of DKIM, but nothing really definitive, with lots of "it depends on your requirements" type of noncommittal crap. Email use cases don't differ THAT much.

So does what you said above mean that you've come up with a working configuration to address the issue of mailing lists causing DKIM to barf due to header modifications? If so, can you tell me more about specifically what you're doing, like which headers you're signing and how? I've been at my wits' end with this for some time; DKIM (and SPF etc etc) seem to be really quite awful overall.

         Thanks,
         -Dave

-- Dave McGuire, AK4HZ New Kensington, PA

Thats a TLD ban. Meaning *.ru is banned.

same applies for my domain for example, I ban *.xyz, *.date and a few others.

-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org dovecot-bounces@dovecot.org För Lev Serebryakov Skickat: den 12 februari 2022 12:08 Till: dovecot@dovecot.org Ämne: Re: Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC

On 11.02.2022 16:31, Marc wrote:

(sorry for posting to list this, but I don't have any ways to contact Marc off-list now)

...

Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).

How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages. Marc, my domain already has problems sending mail to you, for example:

Marc@f1-outsourcing.eu: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0 550We have blocked this toplevel because of spam. Use another toplevel until the maintainer has resolved these issues (in reply to MAIL FROM command)

-- // Black Lion AKA Lev Serebryakov

Yep. Its a lot of TLDs that is banned at me, but I haven’t had any problems with .ru so .ru isn’t yet banned.

Here is my TLD banlist:

deny

message = 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

condition = ${if eq {$acl_m4}{dnswl_whitelisted}{no}{yes}}

sender_domains = ^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|cars|christmas|click|club|college|computer|country|cricket|date|design|download|exposed|email|fail|faith|fit|fun|gdn|global

|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security

|shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)\$

This crap that ICANN started with “custom” TLDs is of more harm than useful. So much spam TLDs in the registry.

Från: dovecot-bounces@dovecot.org dovecot-bounces@dovecot.org För justina colmena ~biz Skickat: den 12 februari 2022 14:06 Till: dovecot@dovecot.org Ämne: Re: Sv: Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC

The ".top" TLD is popular among Russian spammers, ".ru" is a little too obvious and honest for what it is, unless that's part of Biden's sanctions, the others you mention look like vice domains, but looking at GitHub:

• https://github.com/dovecot

There's an "Oy" which is a Finnish "osalliyhdistys" and a ".fi" -- I have not heard of recent hostility between Finland and Russia, notwithstanding the Ukraine situation. Your mail client is all configured in Swedish, but Sweden & Finland are not officially part of NATO, AFAIK, and Sweden has its own currency whereas Finland did give up the markka in exchange for the Euro some 20-odd years ago I don't recall.

On February 12, 2022 2:58:03 AM AKST, Sebastian Nielsen mailto:sebastian@sebbe.eu > wrote:

Thats a TLD ban. Meaning *.ru is banned.

same applies for my domain for example, I ban *.xyz, *.date and a few others.

-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org mailto:dovecot-bounces@dovecot.org mailto:dovecot-bounces@dovecot.org > För Lev Serebryakov Skickat: den 12 februari 2022 12:08 Till: dovecot@dovecot.org mailto:dovecot@dovecot.org Ämne: Re: Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC

On 11.02.2022 16:31, Marc wrote:

(sorry for posting to list this, but I don't have any ways to contact Marc off-list now)

Problem is, I need to unpack each of them to be sure, that these 

are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).

How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages.

Marc, my domain already has problems sending mail to you, for example:

mailto:Marc@f1-outsourcing.eu >: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0 550We have blocked this toplevel because of spam. Use another toplevel until the maintainer has resolved these issues (in reply to MAIL FROM command)

-- // Black Lion AKA Lev Serebryakov

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.

On 2022-02-12 12:58, Sebastian Nielsen wrote:

Thats a TLD ban. Meaning *.ru is banned.

ru tld is not this time

same applies for my domain for example, I ban *.xyz, *.date and a few others.

why ban tld ?

Marc@f1-outsourcing.eu: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0

lets see

On 2022 Feb 16, at 10:22, Chris Bennett chris-dvcot@freedomforlife.rocks wrote:

On Sat, Feb 12, 2022 at 12:58:03PM +0100, Sebastian Nielsen wrote:

...

Thats a TLD ban. Meaning *.ru is banned.

same applies for my domain for example, I ban *.xyz, *.date and a few others.

I don't understand at all why banning tld is reasonable.

For the same reason that banning roadrunner was reasonable, the vast majority of mail from these new TLDs is nothing but spam, and I mean at levels far higher than the 97% of general email spam percentage.

When I blacklisted .top I has getting hundreds of thousands of spam emails a day on a quite small mail server, so much mail that it was overwhelming my server.

I have seen very few new olds that are not major spam magnets, and when I do, I unblock them.

But my default position is that ever TLD is locked except for the ones I specifically allow.

I'm not rich.

The vast majority of olds are quite cheap.

I can't afford to buy domain names that cost $200 a year to purchase. .com .net .info , etc. have run out of the names I wish to use.

If you are paying $200/yr for a domain name you are doing something very wrong. I am saying about $12/year. Maybe as high as $15/yr? I'd have to check, it is such a low number I don't really know.

I have never ever sent a single spam email, but you would block my emails?

Yep.

Bluntly said, but without malice, that attitude favors the rich over the poor.

No, it's not an economic issue at all. You are confusing your DESIRE for a cheap domain 'you want' with having to get a domain in a skeezy TLD.

I refuse to trust the BIG guys.

That is your choice. My choice is to not accept mail from .xyz or .rocks or .top or many hundreds of others.

Email, having been designed a long time ago, has no mechanism for stopping bad behavior, so it is up to each admin to do what they can to stop unwanted mail. The vast majority of email that is sent is dangerous, malicious, illegal, or unwanted. Not like 505, but in the high 90s.

The mail that a system accepts is based on a variety of trust characteristcis that are pretty much unique to every server.

My mail server checks the IP address for every connection against several RBLs, checked the connection for certain behaviors before it even allows the connection to start talking to the mail server. Once communication occurs, it checks a lot more things before accepting the message. Nearly every connection attempt is refused and nearly every message that is attempted to be sent is rejected. Even so, of the mail that is accepted, 80% is spam and ends up in the user's junk mail box.

My dad uses yahoo and gets emails yanked away while he is reading it.

This has nothing to do with TLDs.

There are many other methods to block spam. IMHO, blocking by tld is a bit harsh.

That is your opinion and that is fine. But your opinion has zero effect on admins who block TLDs. You have no idea how big an issue spam really is and how much time mail mins spend trying to control it to simply a deluge.

This also is probably not the best group for this discussion.

-- I loved you when our love was blessed I love you now there's nothing left But sorrow and a sense of overtime

Google's corporate web page, Alphabet, Inc., is on the ".xyz" top level domain.

• https://abc.xyz/

I suppose Sergey Brin is Russian as well, so what have you there?

Perhaps you have inadvertently confused ".xyz" with the ".xxx" TLD. The popular grade school acronym for "eXamine Your Zipper" is obviously not commercially desirable for the same purposes, although I cannot vouch for particular instances.

On February 12, 2022 5:51:12 AM AKST, Marc Marc@f1-outsourcing.eu wrote:

...

(sorry for posting to list this, but I don't have any ways to contact Marc off-list now)

...

...

Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my

mail

...

server IP address with major providers (like Google Mail).

How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages. Marc, my domain already has problems sending mail to you, for example:

Marc@f1-outsourcing.eu: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0 550We have blocked this toplevel because of spam. Use another toplevel until the maintainer has resolved these issues (in reply to MAIL FROM command)

--

.ru is not blocked. The connect is originating from a .xyz host.

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.

No. I havent confused .xxx with .xyz .

*.xyz is a EXTREMELY spammy TLD.

Here is a excerpt out of my log for 2022 about .xyz, if you look on the domain names, you will see that its obvious spam:

root@sebastian-desktop:/var/log/exim# grep "2022.*\.xyz>: 5.7.1 Banned TLD" mainlog

2022-01-05 11:52:10 H=(sweeps.silencilbottelsks.xyz) [104.223.228.229] rejected MAIL ringingears@silencilbottelsks.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-05 15:40:20 H=(customise.biofungusnukfjj.xyz) [104.223.228.231] rejected MAIL biofungusnuker@biofungusnukfjj.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 08:32:02 H=(termly.archetypeprodsl.xyz) [104.223.228.210] rejected MAIL individualogistcom@archetypeprodsl.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 10:15:47 H=(malcontents.utlimateketodskd.xyz) [104.223.228.248] rejected MAIL theultimateketomeal@utlimateketodskd.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 11:42:47 H=(paddings.sharpearfks.xyz) [104.223.228.196] rejected MAIL sharpear@sharpearfks.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 13:14:14 H=(enlisting.visiumdksd.xyz) [104.223.228.201] rejected MAIL visiumplus@visiumdksd.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 15:12:41 H=(justification.dentittoxdsprosd.xyz) [104.223.228.197] rejected MAIL dentitox@dentittoxdsprosd.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 16:39:22 H=(sociolinguistic.biofungusnukasdsl.xyz) [104.223.228.206] rejected MAIL biofungusnuker@biofungusnukasdsl.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-07 17:52:26 H=(intact.bloodsugarblasterkgf.xyz) [104.223.228.209] rejected MAIL bloodsugarblaster@bloodsugarblasterkgf.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-09 09:08:32 H=(sumo.sonavelskds.xyz) [104.223.228.237] rejected MAIL sonavel@sonavelskds.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-09 10:44:20 H=(obscures.glucofortfk.xyz) [104.223.228.205] rejected MAIL glucofort@glucofortfk.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-09 12:14:08 H=(monolayers.prostastreamskds.xyz) [104.223.228.232] rejected MAIL prostastream@prostastreamskds.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-09 13:56:18 H=(jailer.energycubesystemkdf.xyz) [104.223.228.202] rejected MAIL energycubesystem@energycubesystemkdf.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-09 15:32:16 H=(britons.steelbiterofkdf.xyz) [104.223.228.213] rejected MAIL steelbitepro@steelbiterofkdf.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-09 16:52:24 H=(plopping.bloodpresour.xyz) [104.223.228.246] rejected MAIL bloodpressure911@bloodpresour.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 08:38:50 H=(bismuth.coldwargenhjgf.xyz) [104.223.228.243] rejected MAIL coldwargenerator@coldwargenhjgf.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 09:56:21 H=kunnau.wittynakell.com (countenances.waterfreedomsysdfgh.xyz) [134.73.26.221] rejected MAIL waterfreedomsystem@waterfreedomsysdfgh.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 11:43:17 H=odiara.armoytrontes.com (cramping.ultramanigh.xyz) [134.73.26.233] rejected MAIL ultramanifestation@ultramanigh.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 13:28:54 H=engblk.telewonderfulkings.com (agree.herpagreenhgfd.xyz) [134.73.26.208] rejected MAIL herpagreens@herpagreenhgfd.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 14:43:36 H=kriisi.telewonderfulkings.com (vices.bloodpressourfgjhn.xyz) [134.73.26.200] rejected MAIL bloodpressure911@bloodpressourfgjhn.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 15:54:50 H=gauda.armoytrontes.com (mediocrity.7dayprayerdskj.xyz) [134.73.26.231] rejected MAIL 7dayprayermiracle@7dayprayerdskj.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 17:38:13 H=gelanc.telewonderfulkings.com (extroversion.proflighthjkg.xyz) [134.73.26.202] rejected MAIL speciallaunchprice@proflighthjkg.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-15 20:15:17 H=752091-cf18567.tmweb.ru (ourhealthproducts.xyz) [92.53.107.122] rejected MAIL bxcO3@ourhealthproducts.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 08:44:33 H=jeczo.wittynakell.com (sedated.sharpeardjds.xyz) [134.73.26.219] rejected MAIL sharpear@sharpeardjds.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 10:14:10 H=simog.ecklark.com (rocky.primalfgrowks.xyz) [134.73.26.247] rejected MAIL primalgrow@primalfgrowks.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 11:57:58 H=spewer.armoytrontes.com (friend.trumpcoinfdfs.xyz) [134.73.26.226] rejected MAIL trump2020goldplatedcoin@trumpcoinfdfs.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 13:38:22 H=cushio.armoytrontes.com (trumpeted.glucaforetjds.xyz) [134.73.26.227] rejected MAIL glucofort@glucaforetjds.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 14:57:24 H=armoytrontes.com (wedge.myshedplandks.xyz) [134.73.26.225] rejected MAIL myshedplan@myshedplandks.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 14:58:56 H=(odfcvsn.xyz) [45.9.72.47] rejected MAIL g1mNpF5Y8O@okmhjk.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-16 16:35:34 H=tiemen.armoytrontes.com (ready.energycubesysdpres.xyz) [134.73.26.235] rejected MAIL energycubesystem@energycubesysdpres.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

2022-01-24 22:24:19 H=(ylg888.cn) [121.5.153.59] rejected MAIL dene@odabas.xyz: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )

root@sebastian-desktop:/var/log/exim#

You propably see now how bad of a TLD *.xyz is. Wish ICANN could nuke that TLD out of orbit.

Från: dovecot-bounces@dovecot.org dovecot-bounces@dovecot.org För justina colmena ~biz Skickat: den 12 februari 2022 16:40 Till: dovecot@dovecot.org Ämne: RE: Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC

Google's corporate web page, Alphabet, Inc., is on the ".xyz" top level domain.

• https://abc.xyz/

I suppose Sergey Brin is Russian as well, so what have you there?

Perhaps you have inadvertently confused ".xyz" with the ".xxx" TLD. The popular grade school acronym for "eXamine Your Zipper" is obviously not commercially desirable for the same purposes, although I cannot vouch for particular instances.

On February 12, 2022 5:51:12 AM AKST, Marc mailto:Marc@f1-outsourcing.eu > wrote:

(sorry for posting to list this, but I don't have any ways to contact Marc off-list now)

Problem is, I need to unpack each of them to be sure, that these are

false positives and I'm afraid, that it could lower reputation of my

mail

server IP address with major providers (like Google Mail).

How can you get a lower reputation? Afaik dmarc is just signing your

outgoing messages. Marc, my domain already has problems sending mail to you, for example:

mailto:Marc@f1-outsourcing.eu >: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0 550We have blocked this toplevel because of spam. Use another toplevel until the maintainer has resolved these issues (in reply to MAIL FROM command)

--

.ru is not blocked. The connect is originating from a .xyz host.

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.

wait for spamassassin 4, gmail does not let users change there missing problems with no dnssec domains, how can google be serius there ?

google is only to be taken serious with acquiring new clients, if they would take email serious they would eg spend money on filtering their out going spam and use -all in their spf.