mail are not Google's customers, and
it's quite possible that some of those non-customers
marked your proxy vote mail as spam even though their brokers think they asked
for it.
If you want I can make some informal suggestions.
R's,
John
PS:
>This message and any attachme
rvers, web server, and mail server are all on the same
Google Cloud IP. When I connect to the mail server, it thinks its name
is saturn.spaceout.com and accepts mail to
postmas...@antiquefancollectors.com, at least as far as the RCPT TO.
R's,
John
__
hat config file that
is ?
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
esn't change.
Assuming you can give the CA the request you want it to sign, that should work
for any CA.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
d this agreement? They put you in an impossible position from
which I see no escape that doesn't involve a lot of money.
R's,
John
PS: You would not believe how many people wrongly believe that my Gmail address
is their address. For example, I get mail nearly every day for a guy who
er 14 day free trials, no credit card
needed. For a company that does what they do, that seems ill-advised.
Free trials are OK, but free trials when you have no idea who the "customer" is?
R's,
John
___
mailop mailing list
ng
to lie their way out of being blocked, they'd have more luck recognizing
the trickle of real ones.
It is my impression that most of them do deal with legit requests, but of
course those don't get complained about here.
R's,
John
; > mailop mailing list
> > mailop@mailop.org
> > https://list.mailop.org/listinfo/mailop
>
> -- next part --
> An HTML attachment was scrubbed...
> URL:
> https://list.mailop.org/private/mailop/attachments/20250620/365a231f/attachment-0001.htm
>
>
> --
>
> Subject: Digest Footer
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
>
> --
>
> End of mailop Digest, Vol 59, Issue 24
> **
publickey - john@johnalan.org - 0x93FBB512.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
meant for the "exists:" mechanism, even if they
>are technically valid for such a mechanism.
I believe you misspelled "file a bug report with your firewall vendor telling
them that this gratuitous traffic mangling
is not what you are paying them for."
R's,
John
ine for exists: since the name exists. Perhaps you could give us
more details of your failure scenario.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
creates syntactically invalid
messages so it's quite
a good signal of mail from botnets.
Pro Tip: if you don't want to be treated as a spammer, don't act or look like
one.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
th dashes, so I doubt it would pose any
issues, but I wonder if Google doesn't like the dash in the name for some
reason.
~Allen K
On Thursday, May 29, 2025 at 03:20:54 PM EDT, John Levine via mailop
wrote:
It appears that Al Iverson via mailop said:
-=-=-=-=-=-
-=-=-=-=-=-
I'
re are a lot of characters that look like a hyphen, including several
flavors of dash. A-labels (the real name of labels that include punycode)
should not be a problem, but non-ASCII characters in the mailbox should
fail unless your mail system supports EAI w
d text and not at all
>> suitable for machine parsing.
>
>Right.
>
>The situation should be getting better over time, but ccTLD registries
>are resistant to community pressure.
I find about half of the ccTLDs use the common format. There are scripts that
try to
pars
It appears that Bill Cole via mailop
said:
>For implicit TLS (as on ports 443, 465, 587, 993, 995) the client
yes, yes, no, yes, yes
Maybe someone configured the port wrong?
R's,
John
___
mailop mailing list
mailop@mailop.o
It appears that Marco Moock via mailop said:
>Resent, as I sent only to the author...
>
>Am 15.05.2025 um 11:28:10 Uhr schrieb John Levine:
>
>> Forwarding is indeed a pain. but this is confused. If you want SPF to
>> work you need to change the MAIL FROM bounce address b
used in phishing and email spam."
Unfortunately, that is still completely wrong.
I fixed it by splicing in the description from the abstract in RFC 6376.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
ROM bounce address but that has no
effect on the contents of the message. One of the goals of DKIM was
that it works even if the message is forwarded.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
dy list, or more likely they're testing to
see whether the mail domain has a wildcard that accepts ecerything. My MTA has
a special listwash mode which says no to long addresses and yes to short ones,
regardless of whether they actually exist.
That local par
From: John Levine
To: mailop@mailop.org
Subject: Re: [mailop] Have Google and Apple phased out SRS / SPF?
In-Reply-To: <89a27b2c-65fa-4e93-8387-ba02f0bad...@fh-muenster.de>
Organization: Taughannock Networks
Cc: b...@fh-muenster.de
Bcc: johnl-sent
References: <20250506113306.02062...@
It appears that Thomas Walter via mailop said:
>On 07.05.25 03:30, John Levine via mailop wrote:
>> It ends with -all which means "don't forward my mail." Other mail systems
>> are doing exactly what you're asking them to do.
>
>hm. I feel that if you f
0/22 ip4:157.161.10.0/24
ip4:157.161.9.0/24 ip4:157.161.139.0/24 include:_spf1.imp.ch -all"
It ends with -all which means "don't forward my mail." Other mail systems are
doing exactly what you're asking them to do.
R's,
John
&q
It appears that Nick Schafer via mailop said:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Hi John,
>
>I'll look into getting abuse.net updated. In the meantime, ab...@mailgun.com
>will come to us.
Um, we're on it.
R's,
John
>Nick Schafer | Sr. Manager, Deliverabili
It appears that Nick Schafer via mailop said:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Just to follow up on this thread. We are actively working on abuse reports as
>they come into our abuse desk each and every day. If you are not receiving an
>update to those requests, then please reach
>out to me and I'll
ss with for my furry family members
employ third-party services for making appointments, purchasing Rx, etc. who
feel the need to send out a constant stream of mail *I* believe unhelpful. I
simply unsub (or close the account).
publickey - john@johnalan.org - 0x93FBB512.asc
Description: applicati
website and signed up for its newsletter. ...
That makes sense. Is there somewhere on Godaddy's dashboard where you can
check what other easter eggs you might have signed up for and forgotten?
R's,
John
From what you've described, it sounds like someone thought you (for some
ccess to over 400 domains, the potential for more serious actions
would have been substantial.
Indeed.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
eak is?
Keep in mind it might not be deliberate, e.g. shoulder surfing or a lucky
guessing attack.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
SES works pretty well, too, but there would be ongoing costs
>incurred, of course.
100K messages/day would cost over $500/mo. I can get a VPS for under $50.
I realize there is some software work either way but having seen the IETF
try and fail to send mail through SES I'm no
airly
quickly and turn off the corresponding accounts. (Yeah, I know about sending a
message with a link, but people use throwaway address places that work for a day
and then stop.)
I have a place to host a VPS and send mail which is not Google or AWS or Azure
so th
e not willing to solve your own problems, you
don't get to ask other people to solve them for you. I have over 300 certs
from Lets Encrypt and tools that renew them automatically every 90 days.
They work fine.
R's,
John
PS:
>I have a very accurate SPF. But I refuse to use any other
to set up but it works great. My mail server has 100 names
and 100 certs (one for each domain it hosts) and the renewals all work
automatically.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
quot; were about a misconfiguration in
the mail server to use obsolete cryptography.
What else did you change when you installed the new cert?
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
the subdomains and if
it gets NXDOMAIN it will stop and return a NXDOMAIN for the
original query.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
re's still
lots
of churn as old ones expire and new ones are created but the trend is down.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
ent
DNS provider since that is simply wrong and has always been wrong.
DKIM has been around for a decade. They never heard of it? They never had other
customers who need DKIM or DMARC or SRV records with prefix names? What
millenium do they think this is?
R's,
John
___
ny NNTP server. The moderation
addresses are all public and now and then they make it onto spam lists.
For the usenet groups I moderate I have had to specially whitelist the
moderator hosts so I don't accdentally report the small amounts of spam
that the
It appears that Dan Malm via mailop said:
>On 2025-03-09 19:18, John Levine via mailop wrote:
>> My users, who are not idiots
>
>That must be nice ;)
Many of them are related to me, so perhaps it should be
my users, who are no more idiotic than I am,
It appears that Jaroslaw Rafa via mailop said:
>Dnia 7.03.2025 o godz. 20:39:47 John Levine via mailop pisze:
>> I have a fake auth on port 25. Local users sending mail do real auth on
>> port 465 or 587.
>>
>> I get plenty of bot auth traffic on port 25.
>
>B
age to check whether
>the host+login+password combination would actually work for spamming.
I have a similar fake auth honeypot on my mail servers. The messages are
all short ones back to a maildrop saying what seemed to work.
R's,
John
__
sword.
I have a fake auth on port 25. Local users sending mail do real auth on port
465 or 587.
I get plenty of bot auth traffic on port 25.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
ve
>seen it is marked as experimental for like 6 years now?>
Probably never. ARC has found some use internally at large mail systems but
the fact
that for it to be useulf you still need to keep a list of trusted forwarders
means
it's not goin
It appears that Grant Taylor via mailop said:
>On 2/11/25 5:12 AM, Alessandro Vesely via mailop wrote:
>> And what happens if the amount is exceeded?
>
>I don't know.
They politely write to you and ask you to pay.
It's freemium, hardly the only service that w
rs. I don't
ever recall seeing a ZIP file in a DMARC repprt that didn't have the expected
PK\3\4 at the front.
People send all sorts of garbage in reports. You definitely need to be prepared
for your ZIP decoder to fail if the attachment is truncated or corru
type is sometimes wrong so you're better off sniffing the first
few bytes of the attachment to see what format it is. No, they shouldn't do
that
either. But they do.
R's,
John
--
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for
According to John Levine via mailop :
>>>It would, but fallback to A has been part of SMTP since RFC 974 in 1986 and
>>>it's
>>>not going away now.
>>
>>I believe it should go away asap.
I asked the guy who wrote 974 who says fallback to A was intende
It appears that Matus UHLAR - fantomas via mailop said:
>On 30.01.25 13:28, John Levine via mailop wrote:
>>That would reject all mail from Gmail and every other large provider I know.
>>Seems a bit extreme. It'd even reject mail from my tiny system since the
>>inboun
ty
>of systems will reject attemtps to send mail from such a domain, mine
>included, and I, for one, have not intention of changing that.
Yup, that's what section 4.2 of RFC 7505 says.
R's,
John
--
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Interne
lso descrived the WKS (Well Known Services) record
that a domain could publish to say which services it supports, but that never
worked. We invented null MX several decades later as a simpler alternative
which does actually work if you use it.
R's,
John
ip4:166.84.7.238
ip6:2602:f977:800:f7f6::/64
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
p and
misinterpreted it as a NOERROR or NXDOMAIN.
R's,
John
PS:
>Please don't Cc: me, use only the list for replies.
Please send me a copy of any replies since they get sorted differently.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
the CRLF in front of it
are optional. I agree that any mail program that barfs on a message that
only contains headers is pretty broken.
R's,
John
--
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Pl
at all...
If it really just has an LF rather than CR LF that suggests your IMAP server is
misconfigured.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
at due to something in German law, it is much easier for them to
route customer spam to different IPs that are all junk all the time rather than
to discard or reject it themselves.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
7;s mail server. I consider that a feature.
As others have noted, if you're going to put all your account's mail
into your Gmail account anyway, there's not much reason to hide the password.
What are they going to do with it that you haven't already asked them to do?
R's,
ware that Wikipedia uses so if you've edited Wikipedia entries,
you know how to use it.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
hese days has an HTML-Capable mail client, but maybe I was wrong.
>
>My two MUAs are Alpine and MH. Blissfully HTML free since 1984!
Alpine does a perfectly good job of displaying HTML mail. I agree that
it doesn't send HTML.
R's,
John,
ose addresses send mostly spam,
>Gmail's statistical system may presume that all messagees from all such
>addresses are spam.
eu.org hands out free subdomains. As its home page notes, it has nothing to do
with the EU.
As I may have noted once or twice, often free services are wort
hens, i.e., a hostname.
They really are forbidden, any DKIM selector with an underscore is invalid.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
ere any harm in testing its use?
My dim recollection is that it was intended to help deal with mail that went
through mailing
lists that add subject tags and the like. Needless to say, it didn't work.
I don't see any harm in adding z= tags but I would be surprised if anyone
l
mailop mailing list
mailop@mailop.org <mailto:mailop@mailop.org>
https://list.mailop.org/listinfo/mailop
<https://list.mailop.org/listinfo/mailop>
___
mailop mailing list
mailop@mailop.org
yesterday I got 10102 IPv4 messages that it
recognized as spam at SMTP time, and 574 that made it to the next stage,
along with 172 IPv6 messages, none obvious spam since spammers still
mostly haven't discovered IPv6
That's over 90% spam, but again, my mail system is tiny.
Regards,
John
It’s this draft, not formally published.IEEE Xplore Full-Text PDF:ieeexplore.ieee.orgPlease consider the environment before reading this message.John Levine, jo...@taugh.com On Dec 9, 2024, at 12:09, Dave Crocker wrote:
On 12/9/2024 8:59 AM, John Levine via
ages for a week
and then multiplied by ten billion.
R's,
JOhn
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
ibe works, and the upcoming DKIM2 will only work with single
recipient messages to deal with spam blowback and replay attacks.
Before someone complains about how wasteful it is to send multiple copies,
give me a break. Mail messages are tiny. When you stream a movie, that's
as much data as you
s ago
when 2821 was
written. We agree it's not relevant now.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
cient storage" seems relevant to too many
recipients) and
the IANA table is wrong.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
nge the MX first
before you've set up any mailboxes, which makes no sense -- how will it know
what to do with the mail?
Can someone who's done this before give me some hints? TIA.
R's,
John
___
mailop mailing list
mailop@mailop.or
y mail. I
just looked, with mail received as recently as this morning.
There are at least two people on this list with knowledge of Yahoo's internal
workings who might be able to offer some hints.
R's,
John
___
mailop mailing list
mailop@mailop.or
x27;s going to be a lot easier and
cheaper than trying to figure out SES and SNS and all the other stuff you have
to do to run on AWS.
I still don't understand why you want to permaently store all your spam in
IPFS, though.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
ions
when two agents
try to work in the same file. Maildir is sort of cheating there since you get
the locks
for free on atomic operations like rename() or unlink().
It's not immediately clear to me what kind of mail you'd want to put on a
write-once file
system. The vas
sendmail, but whatever.) The
hard part is what you do once it's in the folder.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
hich will also be rejected, but so what?
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
ess a typically "it
depends" case. 😉
It's really up to you. I might know some people at Cloudflare but their
usual response when you tell them about DNS errors is "it works OK for
me."
Thanks again for the input from all.
Regards
Norbert
-Ursprüngliche N
just wrong. I don't know what Cloudflare is
thinking.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
It appears that Viktor Dukhovni via mailop said:
>On Sat, Oct 26, 2024 at 02:16:51PM -0400, John Levine via mailop wrote:
>> It appears that Gino via mailop said:
>> >Those awful RSA keys. What's the consensus on using only ed25519 DKIM
>> >signatures?
>>
It appears that Gino via mailop said:
>Those awful RSA keys. What's the consensus on using only ed25519 DKIM
>signatures?
You'll lose a lot of mail, because very few systems implement them.
I wrote the RFC and I still haven't gotten aro
string in
the DKIM record, and
three more in the second string. Check it yourself. I can imagine how
unhelpful line wrapping
and copy/paste did that.
If he gets rid of those, the DKIM signatures will work a lot better.
R's,
John
___
m
It appears that A. Schulze via mailop said:
>that's nice! May you tell more about the configuration? Is it postfix
>or qpsmtpd?
Neither, it's mailfront.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
, just enough to
tell what host allowed the AUTH for subsequent misuse.
I can tell you a whole lot of addresses that are used to collect those messages
if only
anyone cared.
R's,
John
PS: I have real SMTP AUTH on my submission server but it has a different name
and isn&#
ts in the bodies of messages
with ASCII addresses. There is vastly more 8BITMIME mail than SMTPUTF8.
Yes, you can QP or base64 encode your UTF-8 mail bodies but demanding
that people do so in 2024 when every computer outside a history museum
has 8-bit clean internal architecture is pretty perverse.
)
qmail has been ignoring 8BITMIME and sending 8-bit since 1998, with very few
problems.
Nothing in DKIM contemplates downcoding a signed message. In the twenty years
that
DKIM has been around, I don't ever recall it coming up. Mimecast really needs
to
get their software into the 21
Nope, still shows the display name.
I see a Full Address Column add-on that can show the sender's address or just
the domain.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
ress.
When you open the message, it shows both in the header pane.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
ed it should be. Often it is. But not always.
R's,
John
On Friday, 11/10/2024 at 00:21 John Levine via mailop wrote:
It appears that Dave Crocker via mailop said:
On 10/9/2024 11:57 PM, Matus UHLAR - fantomas via mailop wrote:
checking SPF is a fallback mechanism.
SPF is a fairly comple
an SPF record and nothing else will be
sad. But I can't feel very sorry for them.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
which about 5000 have x=. Here's the most common signing domains.
I put x= on my own mail with an expiration time of a week. I figure
if you haven't looked at the signature by then, too bad.
R's,
John
1813 gmail.com
217 messagingengine.com
158 google.com
103 yahooinc.com
1
is hard, and trying to take
shortcuts will make you sorry.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
o:
https://www.ietf.org/archive/id/draft-klensin-idna-rfc5891bis-07.html
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
t
> of idna library, which rejects that domain name with invalid char
That is correct. IDNA is only for encoding hostnames, and hostnames do not allow
underscores.
For a long discussion of why IDNA is the way it is, see
https://www.ietf.org/archive/id/draft-klen
reverse DNS for both v4 and v6.
I have a few candidates but I'm not going to name them because they all
made it clear that they don't do this for people they don't already know.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
;
>> No, that doesn't appear to exist in DNS.
>
>The parent "duke.edu" SOA rname lists: datacom-hostmas...@duke.edu
>Ditto in WHOIS:
The SOA for dhe.duke.edu has the same address.
R's,
JOhn
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
he best we can do these days although of course a sufficiently
clever piece of malware could steal your TOTP seeds along with your passwords.
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
s with my old keys so if you want to check them, better check
them promptly.
R's,
John
--
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
ess but the system that manages that domain's mail.
R's,
John
PS: Try sending mail to
fjpxdwzcfvjttmtpobwddboeuadtinwcatpdaynxddpepqioxerlygkouhdl...@m.jl.ly and
I'll get it.
But not too often please.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
ISP to reach out to the user and ask them to "click
>the unsubscribe link" ... :-D
This strikes me as yet another aspect of BMS, Bad Marketer Syndrome, the
totally unwarannted belief that the entire world wants to hear what you
have to say.
R's,
John
ng mail system
is set up to accept anything that Proofpoint or whatever let through,
maybe not.
You can be absolutely sure that you never get 100% of your mail
delivered, no matter what. DMARC only makes that worse.
R's,
John
___
mailop mailing li
My motto that I tell my senders is "Send mail people want to people who want
it." This should cover your personal > personal bucket ;-)
John Alan
Sent with Proton Mail secure email.
> 0111 01110101 01110010 01101001 0110 01110011 01101001
>
> 0111
nosiness, what sort of subject lines would typical mail have?
R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
, sent yourself a message, clicked Junk, and seen
that you got the
report?
Second, what I was actually asking is if something might be sending mail you
don't know about,
due to a misconfiguration or malware. It wouldn't have your DKIM signature so
you wouldn't
get reports.
R'
1 - 100 of 1093 matches
Mail list logo
