dovecot mailing list (this mailing list), DKIM, SPF and DMARC
My domain (serebrtyajov.spb.ru) has all these "new" e-mail technologies configured. It works fine till I write to this mailing list.
After that I've got several DMARC reports about "spam" from my domain. All these reports are about my mailing list post.
I don't have such problems with other mailing lists (FreeBSD ones, OpenJDK ones, and others).
Looks like mailing list software for this mailing list is misconfigured.
I'm sure, I'll get new after this message.
-- // Black Lion AKA Lev Serebryakov
I get it too. These appear because they don't replace either MAIL FROM: or Mime From: with the list address. This causes validations to fail since the mailing list is trying to spoof mail in your name, and of course, anti-spoofing security is going to react. DKIM can be troublesome since mailing lists sometimes change or reencode content so DKIM signature fails.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org <dovecot-bounces@dovecot.org> För Lev Serebryakov Skickat: den 4 februari 2022 21:58 Till: dovecot@dovecot.org Ämne: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
My domain (serebrtyajov.spb.ru) has all these "new" e-mail technologies configured. It works fine till I write to this mailing list.
After that I've got several DMARC reports about "spam" from my domain. All these reports are about my mailing list post.
I don't have such problems with other mailing lists (FreeBSD ones, OpenJDK ones, and others).
Looks like mailing list software for this mailing list is misconfigured.
I'm sure, I'll get new after this message.
-- // Black Lion AKA Lev Serebryakov
We did that replacement for a while, but people complained. We have ARC signing there, unfortunately it only works if you trust it.
Aki
On 04/02/2022 23:10 Sebastian Nielsen <sebastian@sebbe.eu> wrote:
I get it too. These appear because they don't replace either MAIL FROM: or Mime From: with the list address. This causes validations to fail since the mailing list is trying to spoof mail in your name, and of course, anti-spoofing security is going to react. DKIM can be troublesome since mailing lists sometimes change or reencode content so DKIM signature fails.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org <dovecot-bounces@dovecot.org> För Lev Serebryakov Skickat: den 4 februari 2022 21:58 Till: dovecot@dovecot.org Ämne: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
My domain (serebrtyajov.spb.ru) has all these "new" e-mail technologies configured. It works fine till I write to this mailing list.
After that I've got several DMARC reports about "spam" from my domain. All these reports are about my mailing list post.
I don't have such problems with other mailing lists (FreeBSD ones, OpenJDK ones, and others).
Looks like mailing list software for this mailing list is misconfigured.
I'm sure, I'll get new after this message.
-- // Black Lion AKA Lev Serebryakov
On 2022-02-09 14:33, Aki Tuomi wrote:
We did that replacement for a while, but people complained. We have ARC signing there, unfortunately it only works if you trust it.
ARC-Authentication-Results: i=1; talvi.dovecot.org; dkim=pass header.d=open-xchange.com header.s=201705 header.b=kWkbHwXq; dmarc=pass (policy=reject) header.from=open-xchange.com; spf=pass (talvi.dovecot.org: domain of aki.tuomi@open-xchange.com designates 87.191.57.183 as permitted sender) smtp.mailfrom=aki.tuomi@open-xchange.com
X-Spam-Status: No, score=-6.4 required=5.0 tests=AWL,DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,KAM_DMARC_STATUS,LOCAL_HASHWL_ALL, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_HOSTKARMA_W, RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
seems it breaks :/
On 2022-02-09 16:16, Benny Pedersen wrote:
On 2022-02-09 14:33, Aki Tuomi wrote:
We did that replacement for a while, but people complained. We have ARC signing there, unfortunately it only works if you trust it.
ARC-Authentication-Results: i=1; talvi.dovecot.org; dkim=pass header.d=open-xchange.com header.s=201705 header.b=kWkbHwXq; dmarc=pass (policy=reject) header.from=open-xchange.com; spf=pass (talvi.dovecot.org: domain of aki.tuomi@open-xchange.com designates 87.191.57.183 as permitted sender) smtp.mailfrom=aki.tuomi@open-xchange.com
X-Spam-Status: No, score=-6.4 required=5.0 tests=AWL,DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,KAM_DMARC_STATUS,LOCAL_HASHWL_ALL, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_HOSTKARMA_W, RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
seems it breaks :/
my own in return
X-Spam-Status: No, score=-6.2 required=5.0 tests=AWL,DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,LOCAL_HASHWL_ALL, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_HOSTKARMA_W, RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
so it seems fuglu works
hope maillist users turn there dkim signers into sign only, not verify aswell, verify must only happen in dmarc
Le 09/02/2022 à 16:55, Benny Pedersen a écrit :
hope maillist users turn there dkim signers into sign only, not verify aswell, verify must only happen in dmarc
I am a little bit confused.
- why not verify dkim ? It seems fine for your message. I get:
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=94.237.105.223; helo=talvi.dovecot.org; envelope-from=dovecot-bounces@dovecot.org; receiver=<UNKNOWN> Authentication-Results: OpenDMARC; dmarc=pass (p=none dis=none) header.from=junc.eu Authentication-Results: vps2.salort.eu; dkim=pass (2048-bit key; secure) header.d=junc.eu header.i=@junc.eu header.a=rsa-sha256 header.s=default header.b=CC9G/2tV; dkim-atps=neutral
- Is it useful to install something besides OpenDMARC (OpenARC ?), or some dedicated OpenDMARC configurations, for the ARC-Seal to be useful ?
I suppose SPF works because the Envelope is correctly set to dovecot.org address, so I don't understand the problem the OP was mentionning.
Cheers,
Julien
On 2022-02-09 17:25, Julien Salort wrote:
Le 09/02/2022 à 16:55, Benny Pedersen a écrit :
hope maillist users turn there dkim signers into sign only, not verify aswell, verify must only happen in dmarc
I am a little bit confused.
- why not verify dkim ? It seems fine for your message. I get:
when dkim pass there is no breakage, but dkim fail can lead to in some setups to make reject, even for maillists :/
that is a design fail on dkim
hence why i say sign only in dkim
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=94.237.105.223; helo=talvi.dovecot.org; envelope-from=dovecot-bounces@dovecot.org; receiver=<UNKNOWN> Authentication-Results: OpenDMARC; dmarc=pass (p=none dis=none) header.from=junc.eu Authentication-Results: vps2.salort.eu; dkim=pass (2048-bit key; secure) header.d=junc.eu header.i=@junc.eu header.a=rsa-sha256 header.s=default header.b=CC9G/2tV; dkim-atps=neutral
perfectly good no problem
- Is it useful to install something besides OpenDMARC (OpenARC ?), or some dedicated OpenDMARC configurations, for the ARC-Seal to be useful ?
we are all waiting for spamassassin 4, and maybe ietf stable rfc on openspf, opendkim, openarc, opendmarc, currently none of it is production stable
I suppose SPF works because the Envelope is correctly set to dovecot.org address, so I don't understand the problem the OP was mentionning.
postfix maillist have no spf helo pass, no spf pass, i think its to force pass only on dkim in dmarc :=)
i dont control dovecot.org spf, so if it recieved in arc test pass i am happy, note arc miss spf helo fail/pass
its not production stable
when dkim pass there is no breakage, but dkim fail can lead to in some setups to make reject, even for maillists that is a design fail on dkim
I disagree. DKIM is doing its job. It is a design fail on the part of most mailing list and/or lack of user's DKIM signatures.
Look at it logically, DKIM is reporting that the email has been manipulated and isn't being delivered by the authorized server. Isn't that what you want out of DKIM? Detecting forged, phishing and spam email?
If you want to get emails that have been captured by a man in the middle, manipulated, then sent to you from a hackers server then why bother setting up DKIM at all? To us humans, we don't conceptually view a mailing list as doing that, but on the technical level that is what is happening when DMARC breaks.
It is possible for a mailing list to pass DMARC verification, but there doesn't seem to be a lot of motivation to put in the extra effort to make it work.
Regarding ARC; I don't get it, i don't see it as useful. The only thing ARC does is tell you that the server sending you email promises the email is legit. How does that prevent spam/phishing when the attack server can ARC something saying trust me its legit? And the big 3 using ARC, so what, what does it even mean? Gmail is telling you yep they got that email from someone else and are relaying it to you. What does that solve? Spammers send through gmail accounts and use private domains relayed through gmail servers for delivery. Great, ARC confirms it really was someone who sent that spam through gmail and gmail really did deliver it. How is that useful in fighting spam?
If im way off on that, feel free to set me straight.
On 2022-02-10, dovecot@ptld.com <dovecot@ptld.com> wrote:
It is possible for a mailing list to pass DMARC verification, but there doesn't seem to be a lot of motivation to put in the extra effort to make it work.
It is possible, but it breaks how many people expect mailing lists to work.
Google, Yahoo and Microsoft, the big providers all use ARC, and have used it for years. But Wikipedia doesn't have much nice to say about it.
--> allows a receiving service to validate an email when the email's SPF and DKIM records are rendered invalid by an intermediate server's processing. ARC is defined in RFC 8617, published in July 2019, as "Experimental".
It sounds like a Microsoft/Google/corporate standard, not IETF. I do seem to have trouble communicating with insurance companies' email systems in particular when I'm not using ARC on my email system, but outside the insurance industry -- and I'm making an educated guess that they are the main sticklers -- it doesn't seem to be a problem if SPF, DKIM, and DMARC are all working.
On February 9, 2022 6:16:19 AM AKST, Benny Pedersen <me@junc.eu> wrote:
On 2022-02-09 14:33, Aki Tuomi wrote:
We did that replacement for a while, but people complained. We have ARC signing there, unfortunately it only works if you trust it.
ARC-Authentication-Results: i=1; talvi.dovecot.org; dkim=pass header.d=open-xchange.com header.s=201705 header.b=kWkbHwXq; dmarc=pass (policy=reject) header.from=open-xchange.com; spf=pass (talvi.dovecot.org: domain of aki.tuomi@open-xchange.com designates 87.191.57.183 as permitted sender) smtp.mailfrom=aki.tuomi@open-xchange.com
X-Spam-Status: No, score=-6.4 required=5.0 tests=AWL,DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,KAM_DMARC_STATUS,LOCAL_HASHWL_ALL, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_HOSTKARMA_W, RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
seems it breaks :/
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
On 09.02.2022 16:33, Aki Tuomi wrote:
I'm participating in ~20 mailing lists and only this one gives a storm of DMARC reports on each my posting.
Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).
We did that replacement for a while, but people complained. We have ARC signing there, unfortunately it only works if you trust it.
Aki
On 04/02/2022 23:10 Sebastian Nielsen <sebastian@sebbe.eu> wrote:
I get it too. These appear because they don't replace either MAIL FROM: or Mime From: with the list address. This causes validations to fail since the mailing list is trying to spoof mail in your name, and of course, anti-spoofing security is going to react. DKIM can be troublesome since mailing lists sometimes change or reencode content so DKIM signature fails.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org <dovecot-bounces@dovecot.org> För Lev Serebryakov Skickat: den 4 februari 2022 21:58 Till: dovecot@dovecot.org Ämne: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
My domain (serebrtyajov.spb.ru) has all these "new" e-mail technologies configured. It works fine till I write to this mailing list.
After that I've got several DMARC reports about "spam" from my domain. All these reports are about my mailing list post.
I don't have such problems with other mailing lists (FreeBSD ones, OpenJDK ones, and others).
Looks like mailing list software for this mailing list is misconfigured.
I'm sure, I'll get new after this message.
-- // Black Lion AKA Lev Serebryakov
-- // Black Lion AKA Lev Serebryakov
Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).
How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages.
On 2022-02-11 14:31, Marc wrote:
How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages.
there is no repution in dmarc, it either pass or fail, if all fails, it proves nothing, if all pass it proves just a litte that is not forged content
maillist should always be trusted, in the AR header, but not from untrusted AR header domains, dmarc check must not be used from untrusted AR signers, so make maillists ARC domains trusted, noice will then be lover on reports
i say still opendkim/openarc/openspf/opendmarc is still unstable, and no one should relly trust it in current state
On 11.02.2022 16:31, Marc wrote:
Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).
How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages. DKIM is signing of headers. DMARC is policy (like "This domain must sign all messages with DKIM, no exceptions, and has strict SFP") and reporting mechanism for other hosts ("We get mail from you and this message violates declared policy of your domain").
As I get these reports, it means that messages from "my domain" (really, forwarded by mailing list software) violate policies set by my domain. It means, my domain is compromised somehow.
-- // Black Lion AKA Lev Serebryakov
On 2022-02-12 11:05, Lev Serebryakov wrote:
On 11.02.2022 16:31, Marc wrote:
Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).
How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages. DKIM is signing of headers. DMARC is policy (like "This domain must sign all messages with DKIM, no exceptions, and has strict SFP") and reporting mechanism for other hosts ("We get mail from you and this message violates declared policy of your domain").
As I get these reports, it means that messages from "my domain" (really, forwarded by mailing list software) violate policies set by my domain. It means, my domain is compromised somehow.
An update.
I tried to implement a workaround for mailing lists transporting of emails which breaks DKIM yet found way to an avail. I checked headers in mailing like the List-Id and I tried to ignore signing if any email contains such header and didn't make difference, given the issue its with verifying DKIM. I noticed all failing DKIM verification emails sent by me and coming back from dovecot, contains two DKIM-Signature header, one from me and one from dovecot and it seems if we can set the MTA to verify all DKIM-Signature headers present in emails that contains List-Id header i.e. from Mailing List, and requires perhaps the signature placed in the order of headers, before the recent at least to must pass Signature Verification. Have anyone managed to configure EXIM to verify more than one DKIM Signature header?
hi@zakaria.website skrev den 2022-09-13 14:03:
least to must pass Signature Verification. Have anyone managed to configure EXIM to verify more than one DKIM Signature header?
postfix smtpd_milter_maps with a list of ips that is known maillists ips is best for software that are brokken, use DISABLE as results pr ip that is maillist ips, that will disabled opendmarc and other milters when client ip is a maillist, postfix be happy until trusted domain have updated and stable milters
use rspamd if possible, with is imho the only stable milters with solve it all, i hate to write that but it might be right for time being, while spamassassin v4 is on the way
On 2022-09-13 14:10, Benny Pedersen wrote:
hi@zakaria.website skrev den 2022-09-13 14:03:
least to must pass Signature Verification. Have anyone managed to configure EXIM to verify more than one DKIM Signature header?
postfix smtpd_milter_maps with a list of ips that is known maillists ips is best for software that are brokken, use DISABLE as results pr ip that is maillist ips, that will disabled opendmarc and other milters when client ip is a maillist, postfix be happy until trusted domain have updated and stable milters
use rspamd if possible, with is imho the only stable milters with solve it all, i hate to write that but it might be right for time being, while spamassassin v4 is on the way
Disabling DKIM Verification it doesnt seem to be a difficult matter in EXIM per IPs list from a file too, and not sure about migrating to Postfix as I am interested in a workaround over than shoving the problem under the carpet ( not intending any offensive language ). I think dovecot mailing list is well built and its working as it should but we should be able to check if email its from mailing list, then expect more than one header of signature to be attempted with verification.
On 2022-09-13 13:10, Benny Pedersen wrote:
hi@zakaria.website skrev den 2022-09-13 14:03:
least to must pass Signature Verification. Have anyone managed to configure EXIM to verify more than one DKIM Signature header?
postfix smtpd_milter_maps with a list of ips that is known maillists ips is best for software that are brokken, use DISABLE as results pr ip that is maillist ips, that will disabled opendmarc and other milters when client ip is a maillist, postfix be happy until trusted domain have updated and stable milters
use rspamd if possible, with is imho the only stable milters with solve it all, i hate to write that but it might be right for time being, while spamassassin v4 is on the way
Another update yet with a solution.
I found the causing issue with DKIM and DMARC failure when a signed email pass through mailing list such as dovecot as I expected, it has nothing to do with the mailing list but it's to do with DKIM signing headers set. It's due to one of or several headers in the DKIM signing set, getting added or modified after signing at dovecot end.
Anyhow, here is the DKIM signing headers set in this mailing list, that it should work and it will prevent the batch of DMARC emails and bad signature from happening again.
from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references
Thanks to my friend who didnt need a credit, and helped me out in reaching this solution.
Zakaria.
hi@zakaria.website skrev den 2022-10-11 13:42:
On 2022-09-13 13:10, Benny Pedersen wrote:
hi@zakaria.website skrev den 2022-09-13 14:03:
from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references
Thanks to my friend who didnt need a credit, and helped me out in reaching this solution.
i have no frinds, but it might be related https://gitlab.com/fumail/fuglu/-/issues/262
with my conservative list of signed headers it pass
On 2022-10-11 14:05, Benny Pedersen wrote:
hi@zakaria.website skrev den 2022-10-11 13:42:
On 2022-09-13 13:10, Benny Pedersen wrote:
hi@zakaria.website skrev den 2022-09-13 14:03:
from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references
Thanks to my friend who didnt need a credit, and helped me out in reaching this solution.
i have no frinds, but it might be related https://gitlab.com/fumail/fuglu/-/issues/262
with my conservative list of signed headers it pass
Indeed, it's because you set the following headers in dkim signing headers:-
from : subject : date : to : message-id
Although not sure why you've added some space, as per standards I think only colon separated list its the compliant format like the following:-
from:subject:date:to:message-id
Anyhow this is my final update, the previous headers set which I included wasnt perfect as cc header was causing a trouble, given it can fail at some point e.g. when replying more than one time to the same recipient through a mailing list, and mind me OX and iRedMail, I had to check your signing headers set, hopefully you are ok for me to present it here as the optimal one to avoid DKIM failures:-
OX:- Date:From:To:In-Reply-To:References:Subject:From
IRM:- x-mailer:message-id:in-reply-to:to:references:date:subject :mime-version:content-transfer-encoding:content-type:from
iRedMail seems to be the best headers set given it includes X-Mailer header, which enhances signature validity, when client uses specific mail client app, although it can be faked yet one must know which client app the sender would use and if was able to have information to this length I guess signature validity would be an easy task to break it further.
Also, I was advised by a friend to duplicate the signing headers in order to disallow spoofing signature further, while I couldnt see how nor populate a proof of concept, I removed it but if someone understand it, I would appreciate their elaboration, surely with thanks :)
Good luck.
Zakaria.
Trojitá, a fast Qt IMAP e-mail client http://www.trojita.flaska.net/
I also use
http://opendkim.org/ http://www.trusteddomain.org/opendmarc/
as milters on Postfix
Active development, I'm sure they could all use some help, or forks for alternatives, I don't know, I'm not involved in development per se, just a user, and I have to get off the property of any of these places with my code before anything happens. All that Finnish osalliyhdistys and by the time a Swede gets online all hell breaks loose./
On Friday, October 21, 2022 1:50:43 PM AKDT, hi@zakaria.website wrote:
On 2022-10-11 14:05, Benny Pedersen wrote:
hi@zakaria.website skrev den 2022-10-11 13:42: ...
Indeed, it's because you set the following headers in dkim signing headers:-
from : subject : date : to : message-id
Although not sure why you've added some space, as per standards I think only colon separated list its the compliant format like the following:-
from:subject:date:to:message-id
Anyhow this is my final update, the previous headers set which I included wasnt perfect as cc header was causing a trouble, given it can fail at some point e.g. when replying more than one time to the same recipient through a mailing list, and mind me OX and iRedMail, I had to check your signing headers set, hopefully you are ok for me to present it here as the optimal one to avoid DKIM failures:-
OX:- Date:From:To:In-Reply-To:References:Subject:From
IRM:- x-mailer:message-id:in-reply-to:to:references:date:subject :mime-version:content-transfer-encoding:content-type:from
iRedMail seems to be the best headers set given it includes X-Mailer header, which enhances signature validity, when client uses specific mail client app, although it can be faked yet one must know which client app the sender would use and if was able to have information to this length I guess signature validity would be an easy task to break it further.
Also, I was advised by a friend to duplicate the signing headers in order to disallow spoofing signature further, while I couldnt see how nor populate a proof of concept, I removed it but if someone understand it, I would appreciate their elaboration, surely with thanks :)
Good luck.
Zakaria.
On 10/11/22 07:42, hi@zakaria.website wrote:
Another update yet with a solution.
I found the causing issue with DKIM and DMARC failure when a signed email pass through mailing list such as dovecot as I expected, it has nothing to do with the mailing list but it's to do with DKIM signing headers set. It's due to one of or several headers in the DKIM signing set, getting added or modified after signing at dovecot end.
Anyhow, here is the DKIM signing headers set in this mailing list, that it should work and it will prevent the batch of DMARC emails and bad signature from happening again.
from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references Please forgive me for jumping in, but I just noticed this. I (like many others) have issues with mailing lists and the flurry of DMARC emails after posting. I'm using OpenDKIM. There's a lot of material out there about proper configuration of DKIM, but nothing really definitive, with lots of "it depends on your requirements" type of noncommittal crap. Email use cases don't differ THAT much.
So does what you said above mean that you've come up with a working configuration to address the issue of mailing lists causing DKIM to barf due to header modifications? If so, can you tell me more about specifically what you're doing, like which headers you're signing and how? I've been at my wits' end with this for some time; DKIM (and SPF etc etc) seem to be really quite awful overall.
Thanks,
-Dave
-- Dave McGuire, AK4HZ New Kensington, PA
On 11.02.2022 16:31, Marc wrote:
(sorry for posting to list this, but I don't have any ways to contact Marc off-list now)
Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).
How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages. Marc, my domain already has problems sending mail to you, for example:
<Marc@f1-outsourcing.eu>: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0 550We have blocked this toplevel because of spam. Use another toplevel until the maintainer has resolved these issues (in reply to MAIL FROM command)
-- // Black Lion AKA Lev Serebryakov
Thats a TLD ban. Meaning *.ru is banned.
same applies for my domain for example, I ban *.xyz, *.date and a few others.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org <dovecot-bounces@dovecot.org> För Lev Serebryakov Skickat: den 12 februari 2022 12:08 Till: dovecot@dovecot.org Ämne: Re: Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
On 11.02.2022 16:31, Marc wrote:
(sorry for posting to list this, but I don't have any ways to contact Marc off-list now)
Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).
How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages. Marc, my domain already has problems sending mail to you, for example:
<Marc@f1-outsourcing.eu>: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0 550We have blocked this toplevel because of spam. Use another toplevel until the maintainer has resolved these issues (in reply to MAIL FROM command)
-- // Black Lion AKA Lev Serebryakov
The ".top" TLD is popular among Russian spammers, ".ru" is a little too obvious and honest for what it is, unless that's part of Biden's sanctions, the others you mention look like vice domains, but looking at GitHub:
There's an "Oy" which is a Finnish "osalliyhdistys" and a ".fi" -- I have not heard of recent hostility between Finland and Russia, notwithstanding the Ukraine situation. Your mail client is all configured in Swedish, but Sweden & Finland are not officially part of NATO, AFAIK, and Sweden has its own currency whereas Finland did give up the markka in exchange for the Euro some 20-odd years ago I don't recall.
On February 12, 2022 2:58:03 AM AKST, Sebastian Nielsen <sebastian@sebbe.eu> wrote:
Thats a TLD ban. Meaning *.ru is banned.
same applies for my domain for example, I ban *.xyz, *.date and a few others.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org <dovecot-bounces@dovecot.org> För Lev Serebryakov Skickat: den 12 februari 2022 12:08 Till: dovecot@dovecot.org Ämne: Re: Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
On 11.02.2022 16:31, Marc wrote:
(sorry for posting to list this, but I don't have any ways to contact Marc off-list now)
Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).
How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages. Marc, my domain already has problems sending mail to you, for example:
<Marc@f1-outsourcing.eu>: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0 550We have blocked this toplevel because of spam. Use another toplevel until the maintainer has resolved these issues (in reply to MAIL FROM command)
-- // Black Lion AKA Lev Serebryakov
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Yep. Its a lot of TLDs that is banned at me, but I haven’t had any problems with .ru so .ru isn’t yet banned.
Here is my TLD banlist:
deny
message = 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
condition = ${if eq {$acl_m4}{dnswl_whitelisted}{no}{yes}}
sender_domains = ^(?i).*\\.(accountant|accountants|asia|auto|berlin|bid|buzz|camera|car|cam|cars|christmas|click|club|college|computer|country|cricket|date|design|download|exposed|email|fail|faith|fit|fun|gdn|global
|guru|help|host|jetzt|kim|icu|life|live|link|loan|london|media|men|mom|news|ninja|online|party|photography|pro|protection|pub|racing|realtor|reise|ren|rent|rest|review|rocks|science|security
|shop|site|solutions|space|storage|store|stream|study|surf|tech|technology|theatre|today|top|trade|university|uno|us|viajes|vip|vividal|wang|webcam|website|win|work|works|world|xin|xyz|zip|xn--.*)\$
This crap that ICANN started with “custom” TLDs is of more harm than useful. So much spam TLDs in the registry.
Från: dovecot-bounces@dovecot.org <dovecot-bounces@dovecot.org> För justina colmena ~biz Skickat: den 12 februari 2022 14:06 Till: dovecot@dovecot.org Ämne: Re: Sv: Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
The ".top" TLD is popular among Russian spammers, ".ru" is a little too obvious and honest for what it is, unless that's part of Biden's sanctions, the others you mention look like vice domains, but looking at GitHub:
There's an "Oy" which is a Finnish "osalliyhdistys" and a ".fi" -- I have not heard of recent hostility between Finland and Russia, notwithstanding the Ukraine situation. Your mail client is all configured in Swedish, but Sweden & Finland are not officially part of NATO, AFAIK, and Sweden has its own currency whereas Finland did give up the markka in exchange for the Euro some 20-odd years ago I don't recall.
On February 12, 2022 2:58:03 AM AKST, Sebastian Nielsen <sebastian@sebbe.eu <mailto:sebastian@sebbe.eu> > wrote:
Thats a TLD ban. Meaning *.ru is banned.
same applies for my domain for example, I ban *.xyz, *.date and a few others.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org <mailto:dovecot-bounces@dovecot.org> <dovecot-bounces@dovecot.org <mailto:dovecot-bounces@dovecot.org> > För Lev Serebryakov Skickat: den 12 februari 2022 12:08 Till: dovecot@dovecot.org <mailto:dovecot@dovecot.org> Ämne: Re: Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
On 11.02.2022 16:31, Marc wrote:
(sorry for posting to list this, but I don't have any ways to contact Marc off-list now)
Problem is, I need to unpack each of them to be sure, that these
are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).
How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages.
Marc, my domain already has problems sending mail to you, for example:
<Marc@f1-outsourcing.eu <mailto:Marc@f1-outsourcing.eu> >: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0 550We have blocked this toplevel because of spam. Use another toplevel until the maintainer has resolved these issues (in reply to MAIL FROM command)
-- // Black Lion AKA Lev Serebryakov
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
On 2022-02-12 12:58, Sebastian Nielsen wrote:
Thats a TLD ban. Meaning *.ru is banned.
ru tld is not this time
same applies for my domain for example, I ban *.xyz, *.date and a few others.
why ban tld ?
<Marc@f1-outsourcing.eu>: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0
lets see
On Sat, Feb 12, 2022 at 12:58:03PM +0100, Sebastian Nielsen wrote:
Thats a TLD ban. Meaning *.ru is banned.
same applies for my domain for example, I ban *.xyz, *.date and a few others.
I don't understand at all why banning tld is reasonable. I'm not rich. I buy .rocks and .xyz .rocks really works well with the domain name. .xyz is short, memorable and easy to type.
I can't afford to buy domain names that cost $200 a year to purchase. .com .net .info , etc. have run out of the names I wish to use.
I have never ever sent a single spam email, but you would block my emails? Bluntly said, but without malice, that attitude favors the rich over the poor. I refuse to trust the BIG guys. My dad uses yahoo and gets emails yanked away while he is reading it.
Also, I can't find a server company that has IP blocks that are clean enough. I truly wish I could.
There are many other methods to block spam. IMHO, blocking by tld is a bit harsh.
But you have the right to do whatever method you wish. I will only point out my thoughts. SPAM sucks! :-)
-- Chris Bennett
On 2022 Feb 16, at 10:22, Chris Bennett <chris-dvcot@freedomforlife.rocks> wrote:
On Sat, Feb 12, 2022 at 12:58:03PM +0100, Sebastian Nielsen wrote:
Thats a TLD ban. Meaning *.ru is banned.
same applies for my domain for example, I ban *.xyz, *.date and a few others.
I don't understand at all why banning tld is reasonable.
For the same reason that banning roadrunner was reasonable, the vast majority of mail from these new TLDs is nothing but spam, and I mean at levels far higher than the 97% of general email spam percentage.
When I blacklisted .top I has getting hundreds of thousands of spam emails a day on a quite small mail server, so much mail that it was overwhelming my server.
I have seen very few new olds that are not major spam magnets, and when I do, I unblock them.
But my default position is that ever TLD is locked except for the ones I specifically allow.
I'm not rich.
The vast majority of olds are quite cheap.
I can't afford to buy domain names that cost $200 a year to purchase. .com .net .info , etc. have run out of the names I wish to use.
If you are paying $200/yr for a domain name you are doing something very wrong. I am saying about $12/year. Maybe as high as $15/yr? I'd have to check, it is such a low number I don't really know.
I have never ever sent a single spam email, but you would block my emails?
Yep.
Bluntly said, but without malice, that attitude favors the rich over the poor.
No, it's not an economic issue at all. You are confusing your DESIRE for a cheap domain 'you want' with having to get a domain in a skeezy TLD.
I refuse to trust the BIG guys.
That is your choice. My choice is to not accept mail from .xyz or .rocks or .top or many hundreds of others.
Email, having been designed a long time ago, has no mechanism for stopping bad behavior, so it is up to each admin to do what they can to stop unwanted mail. The vast majority of email that is sent is dangerous, malicious, illegal, or unwanted. Not like 505, but in the high 90s.
The mail that a system accepts is based on a variety of trust characteristcis that are pretty much unique to every server.
My mail server checks the IP address for every connection against several RBLs, checked the connection for certain behaviors before it even allows the connection to start talking to the mail server. Once communication occurs, it checks a lot more things before accepting the message. Nearly every connection attempt is refused and nearly every message that is attempted to be sent is rejected. Even so, of the mail that is accepted, 80% is spam and ends up in the user's junk mail box.
My dad uses yahoo and gets emails yanked away while he is reading it.
This has nothing to do with TLDs.
There are many other methods to block spam. IMHO, blocking by tld is a bit harsh.
That is your opinion and that is fine. But your opinion has zero effect on admins who block TLDs. You have no idea how big an issue spam really is and how much time mail mins spend trying to control it to simply a deluge.
This also is probably not the best group for this discussion.
-- I loved you when our love was blessed I love you now there's nothing left But sorrow and a sense of overtime
(sorry for posting to list this, but I don't have any ways to contact Marc off-list now)
Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my
server IP address with major providers (like Google Mail).
How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages. Marc, my domain already has problems sending mail to you, for example:
<Marc@f1-outsourcing.eu>: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0 550We have blocked this toplevel because of spam. Use another toplevel until the maintainer has resolved these issues (in reply to MAIL FROM command)
--
.ru is not blocked. The connect is originating from a .xyz host.
Google's corporate web page, Alphabet, Inc., is on the ".xyz" top level domain.
I suppose Sergey Brin is Russian as well, so what have you there?
Perhaps you have inadvertently confused ".xyz" with the ".xxx" TLD. The popular grade school acronym for "eXamine Your Zipper" is obviously not commercially desirable for the same purposes, although I cannot vouch for particular instances.
On February 12, 2022 5:51:12 AM AKST, Marc <Marc@f1-outsourcing.eu> wrote:
(sorry for posting to list this, but I don't have any ways to contact Marc off-list now)
Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my
server IP address with major providers (like Google Mail).
How can you get a lower reputation? Afaik dmarc is just signing your outgoing messages. Marc, my domain already has problems sending mail to you, for example:
<Marc@f1-outsourcing.eu>: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0 550We have blocked this toplevel because of spam. Use another toplevel until the maintainer has resolved these issues (in reply to MAIL FROM command)
--
.ru is not blocked. The connect is originating from a .xyz host.
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Google's corporate web page, Alphabet, Inc., is on the ".xyz" top level domain.
Google is probably to most fined company of all mentioned on this list, breaking countless laws over decades. That is the company you have as reference?
No. I havent confused .xxx with .xyz .
*.xyz is a EXTREMELY spammy TLD.
Here is a excerpt out of my log for 2022 about .xyz, if you look on the domain names, you will see that its obvious spam:
root@sebastian-desktop:/var/log/exim# grep "2022.*\.xyz>: 5.7.1 Banned TLD" mainlog
2022-01-05 11:52:10 H=(sweeps.silencilbottelsks.xyz) [104.223.228.229] rejected MAIL <ringingears@silencilbottelsks.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-05 15:40:20 H=(customise.biofungusnukfjj.xyz) [104.223.228.231] rejected MAIL <biofungusnuker@biofungusnukfjj.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-07 08:32:02 H=(termly.archetypeprodsl.xyz) [104.223.228.210] rejected MAIL <individualogistcom@archetypeprodsl.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-07 10:15:47 H=(malcontents.utlimateketodskd.xyz) [104.223.228.248] rejected MAIL <theultimateketomeal@utlimateketodskd.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-07 11:42:47 H=(paddings.sharpearfks.xyz) [104.223.228.196] rejected MAIL <sharpear@sharpearfks.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-07 13:14:14 H=(enlisting.visiumdksd.xyz) [104.223.228.201] rejected MAIL <visiumplus@visiumdksd.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-07 15:12:41 H=(justification.dentittoxdsprosd.xyz) [104.223.228.197] rejected MAIL <dentitox@dentittoxdsprosd.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-07 16:39:22 H=(sociolinguistic.biofungusnukasdsl.xyz) [104.223.228.206] rejected MAIL <biofungusnuker@biofungusnukasdsl.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-07 17:52:26 H=(intact.bloodsugarblasterkgf.xyz) [104.223.228.209] rejected MAIL <bloodsugarblaster@bloodsugarblasterkgf.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-09 09:08:32 H=(sumo.sonavelskds.xyz) [104.223.228.237] rejected MAIL <sonavel@sonavelskds.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-09 10:44:20 H=(obscures.glucofortfk.xyz) [104.223.228.205] rejected MAIL <glucofort@glucofortfk.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-09 12:14:08 H=(monolayers.prostastreamskds.xyz) [104.223.228.232] rejected MAIL <prostastream@prostastreamskds.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-09 13:56:18 H=(jailer.energycubesystemkdf.xyz) [104.223.228.202] rejected MAIL <energycubesystem@energycubesystemkdf.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-09 15:32:16 H=(britons.steelbiterofkdf.xyz) [104.223.228.213] rejected MAIL <steelbitepro@steelbiterofkdf.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-09 16:52:24 H=(plopping.bloodpresour.xyz) [104.223.228.246] rejected MAIL <bloodpressure911@bloodpresour.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-15 08:38:50 H=(bismuth.coldwargenhjgf.xyz) [104.223.228.243] rejected MAIL <coldwargenerator@coldwargenhjgf.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-15 09:56:21 H=kunnau.wittynakell.com (countenances.waterfreedomsysdfgh.xyz) [134.73.26.221] rejected MAIL <waterfreedomsystem@waterfreedomsysdfgh.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-15 11:43:17 H=odiara.armoytrontes.com (cramping.ultramanigh.xyz) [134.73.26.233] rejected MAIL <ultramanifestation@ultramanigh.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-15 13:28:54 H=engblk.telewonderfulkings.com (agree.herpagreenhgfd.xyz) [134.73.26.208] rejected MAIL <herpagreens@herpagreenhgfd.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-15 14:43:36 H=kriisi.telewonderfulkings.com (vices.bloodpressourfgjhn.xyz) [134.73.26.200] rejected MAIL <bloodpressure911@bloodpressourfgjhn.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-15 15:54:50 H=gauda.armoytrontes.com (mediocrity.7dayprayerdskj.xyz) [134.73.26.231] rejected MAIL <7dayprayermiracle@7dayprayerdskj.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-15 17:38:13 H=gelanc.telewonderfulkings.com (extroversion.proflighthjkg.xyz) [134.73.26.202] rejected MAIL <speciallaunchprice@proflighthjkg.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-15 20:15:17 H=752091-cf18567.tmweb.ru (ourhealthproducts.xyz) [92.53.107.122] rejected MAIL <bxcO3@ourhealthproducts.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-16 08:44:33 H=jeczo.wittynakell.com (sedated.sharpeardjds.xyz) [134.73.26.219] rejected MAIL <sharpear@sharpeardjds.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-16 10:14:10 H=simog.ecklark.com (rocky.primalfgrowks.xyz) [134.73.26.247] rejected MAIL <primalgrow@primalfgrowks.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-16 11:57:58 H=spewer.armoytrontes.com (friend.trumpcoinfdfs.xyz) [134.73.26.226] rejected MAIL <trump2020goldplatedcoin@trumpcoinfdfs.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-16 13:38:22 H=cushio.armoytrontes.com (trumpeted.glucaforetjds.xyz) [134.73.26.227] rejected MAIL <glucofort@glucaforetjds.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-16 14:57:24 H=armoytrontes.com (wedge.myshedplandks.xyz) [134.73.26.225] rejected MAIL <myshedplan@myshedplandks.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-16 14:58:56 H=(odfcvsn.xyz) [45.9.72.47] rejected MAIL <g1mNpF5Y8O@okmhjk.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-16 16:35:34 H=tiemen.armoytrontes.com (ready.energycubesysdpres.xyz) [134.73.26.235] rejected MAIL <energycubesystem@energycubesysdpres.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
2022-01-24 22:24:19 H=(ylg888.cn) [121.5.153.59] rejected MAIL <dene@odabas.xyz>: 5.7.1 Banned TLD where sending IP is not listed on DNSWL ( https://www.dnswl.org/selfservice/?action=register )
root@sebastian-desktop:/var/log/exim#
You propably see now how bad of a TLD *.xyz is. Wish ICANN could nuke that TLD out of orbit.
Från: dovecot-bounces@dovecot.org <dovecot-bounces@dovecot.org> För justina colmena ~biz Skickat: den 12 februari 2022 16:40 Till: dovecot@dovecot.org Ämne: RE: Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
Google's corporate web page, Alphabet, Inc., is on the ".xyz" top level domain.
I suppose Sergey Brin is Russian as well, so what have you there?
Perhaps you have inadvertently confused ".xyz" with the ".xxx" TLD. The popular grade school acronym for "eXamine Your Zipper" is obviously not commercially desirable for the same purposes, although I cannot vouch for particular instances.
On February 12, 2022 5:51:12 AM AKST, Marc <Marc@f1-outsourcing.eu <mailto:Marc@f1-outsourcing.eu> > wrote:
(sorry for posting to list this, but I don't have any ways to contact Marc off-list now)
Problem is, I need to unpack each of them to be sure, that these are
false positives and I'm afraid, that it could lower reputation of my
server IP address with major providers (like Google Mail).
How can you get a lower reputation? Afaik dmarc is just signing your
outgoing messages. Marc, my domain already has problems sending mail to you, for example:
<Marc@f1-outsourcing.eu <mailto:Marc@f1-outsourcing.eu> >: host spam1.roosit.eu[212.26.193.45] said: 553 5.3.0 550We have blocked this toplevel because of spam. Use another toplevel until the maintainer has resolved these issues (in reply to MAIL FROM command)
--
.ru is not blocked. The connect is originating from a .xyz host.
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
On 2022-02-11 12:29, Lev Serebryakov wrote:
On 09.02.2022 16:33, Aki Tuomi wrote:
I'm participating in ~20 mailing lists and only this one gives a storm of DMARC reports on each my posting.
+1
Problem is, I need to unpack each of them to be sure, that these are false positives and I'm afraid, that it could lower reputation of my mail server IP address with major providers (like Google Mail).
your problem is that ARC seal, ARC sign, is not used or even trusted at the dmarc reporting host
this will make noice and false reporting :/
until this is solved turn off reporting in dmarc policy
We did that replacement for a while, but people complained. We have ARC signing there, unfortunately it only works if you trust it.
i can make that strong, people should learn on ARC, and use rspamd or wait for spamassassin 4, gmail does not let users change there missing problems with no dnssec domains, how can google be serius there ?
wait for spamassassin 4, gmail does not let users change there missing problems with no dnssec domains, how can google be serius there ?
google is only to be taken serious with acquiring new clients, if they would take email serious they would eg spend money on filtering their out going spam and use -all in their spf.
On 2022-02-11 16:27, Marc wrote:
wait for spamassassin 4, gmail does not let users change there missing problems with no dnssec domains, how can google be serius there ?
google is only to be taken serious with acquiring new clients, if they would take email serious they would eg spend money on filtering their out going spam and use -all in their spf.
ARC-Authentication-Results: i=1; talvi.dovecot.org; dkim=none; dmarc=none; spf=pass (talvi.dovecot.org: domain of Marc@f1-outsourcing.eu designates 212.26.193.44 as permitted sender) smtp.mailfrom=Marc@f1-outsourcing.eu
+1
On February 4, 2022 11:56:53 AM AKST, Lev Serebryakov <lev@serebryakov.spb.ru> wrote:
After that I've got several DMARC reports about "spam" from my domain. All these reports are about my mailing list post.
Interesting. That's exactly how DMARC is supposed to work with reporting enabled. So you've got that set up correctly at any rate!
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
participants (15)
-
@lbutlr
-
Aki Tuomi
-
Benny Pedersen
-
Chris Bennett
-
Dave McGuire
-
dovecot@ptld.com
-
hi@zakaria.website
-
Julien Salort
-
justina colmena ~biz
-
Lev Serebryakov
-
lists
-
Marc
-
Sebastian Nielsen
-
Stuart Henderson
-
Zakaria