ather than mine, but with ?any I am saying
that it definitely could be genuine.
I use forwarding and expect others to forward messages I send to their
users.
In the end I decided that SPF isn't really compatible with forwarding
and voted for a world with forwarding.
--
Andrew C Aitchison
___
t ban you would
claim from your expert.
--
Andrew C Aitchison Cambridge, UK
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
your messages
several hundred K bytes.
If you trim some of the historical messages I suspect that your
messages will get through.
--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk
POP3 password every time, or do they store it ?
I really, really don't like the idea of encouraging users
to give passwords to third parties.
--
Andrew C. Aitchison Cambridge, UK
and...@aitch
On Thu, 8 Mar 2018, Lyle Giese wrote:
I am unable to get to onmicrosoft.com(hosted exchange), doing a dig
+trace onmicrosoft.com ends up:
onmicrosoft.com. 86400 IN NS ns4.bdm.microsoftonline.com.
onmicrosoft.com. 86400 IN NS ns1.bdm.microsoftonline.com.
onmicrosoft.
vide the same protection
for companies as it does for individuals, so I don't see how it
can affect role email addresses and registered corporate adddresses;
those should be able to stay in WHOIS.
--
Andrew C. Aitchison Cambridge, UK
, IMAP and webmail -
where you do disable TLS 1.0, just in case a TLS version of DROWN
shows up.
Also, does the MTA check the name in the certificate ?
I understand that not all do (or didn't until recently)
since you can't always determine what the name should be.
--
MX record (for envelope sender domain I guess)
as a marker for spaminess ?
(This *should* not matter in Rob's case as there will be an IPv4 MX record.)
--
Andrew C. Aitchison Cambridge, UK
an
collects. If
retrieving a message (without visiting any of the links) will trigger some
modification to the local safe-sender list, I would consider this a serious
bug at the very least.
Wont a simple text MUA like mutt or (al)pine retrieve a message
without visiting any of the links ?
--
Andrew C
special requirements to receive them?
I recieve dmarc aggregate reports from Yahoo to the ruf address in my
_dmarc record; gmail sends forensic/failure reports to the rua address.
... Not exactly *special* requirements, but different, yes.
--
Andrew C. Aitchison
On Tue, 24 Jul 2018, Stefano Bagnara wrote:
It's clear that I'm NOT receiving Yahoo reports, I don't know why...
Are there special requirements to receive them?
On Tue, 24 Jul 2018, Andrew C Aitchison replied:
I recieve dmarc aggregate reports from Yahoo to the ruf addres
orts from google.
Your lawyers do not have to worry.
--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
3rd-party reports
your defense falls apart.
--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
I agree that forwarding and distribution lists are the most likely
reasons.
Another common possibility is what exim calls local_part_prefix and
local_part_suffix, often adding a "+" and a tag to the local part of
the address, but I imagine that your operators would recognise those.
I personal
arged by the click, not the view ?
--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
onally, I really dislike looking at DMARC policy on mail that
doesn't already score as pretty spammy.
--
Dr. Andrew C. Aitchison
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
On Thu, 24 Mar 2016, Suresh Ramasubramanian wrote:
There is of course the other part that various freemails just
might not appreciate their customers sharing passwords with a
third party, like say an esp.
Just like Gmail's Mail Fetcher feature
https://support.google.com/mail/answer/21289?hl=e
time is 08/28/16 06:18. Error code:
SEC_ERROR_EXPIRED_CERTIFICATE
I saw that there was a problem with letsencrpt and available memory.
Any progress ?
Thanks,
--
Andrew C Aitchison Cambridge, UK
___
mailop mailing list
mailop
On Tue, 1 Nov 2016, Jim Cheetham wrote:
Hi Mailop,
We run our listening mail servers with a maximum header size limit of 32768
(Sendmail's default).
We've found at least one "legitimate" sender whose headers are far bigger than
that,
and the reason for this isn't a very long path :-) it's al
ents as attachments rather than inlining them,
although options to switch between thse options would be helpful.
--
Andrew C Aitchison
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
chance that the certificate could be renewed ?
Thanks,
--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/m
mail.
With single-sign-on I need to make it easy for users not to give the
alternate mail service (and their hackers :-) access to all the
services I provide, along with POP retrieval.
--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.
acklisted due to spamtrap addresses sneaking
into their distribution lists.
Is this deliberate enemy action or collateral damage ?
I'm finding it difficult to see why a general spam bot
would sign spam traps up to a mailing list,
so guess that I am missing somet
sarily result in an overall "fail". (Better names for this
mechanism would have been "if-match", "on-match", etc.)
In practice this means that any "all" records in the include: are ignored.
--
Andrew C. Aitchison K
On Mon, 1 Jul 2019, Simplelists - Andrew Beverley via mailop wrote:
Dear all,
I'm after some general advice about moving to a new outbound email IP
address range.
We have a choice of either applying for a brand new range from RIPE
(which has presumably never been used before to send email), or
also keen to get to ssl-everywhere
and more likely to object to https -> http rejection.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
h
I can understand).
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
On Thu, 22 Aug 2019, Michael Rathbun via mailop wrote:
In our experience, if you mail to addresses that haven't engaged (subscribe,
open, click) in the previous 90 to 180 days, there is a growing tendency for
your IPs/domains to be classified as spammaceous and dealt with appropriately.
You ca
for the "v" tag.
"v=DMARC1;p=none;sp=none;pct=10;rua=mailto:dmarc-mas...@eu.org;ruf=mailto:dmarc-mas...@eu.org";
Thanks,
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop m
I would think that considering the MX when overriding the response code
would be a worthwhile addition to try, whether the machine learning
is AI-based or hard coded.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
d,
if appropriate, who you work for or represent ?
Thanks,
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
On Wed, 12 Jul 2023, ml+mailop--- via mailop wrote:
On Wed, Jul 12, 2023, Andrew C Aitchison via mailop wrote:
Please could you indicate who you are and,
Why?
Sorry, I meant to ask for a name or an alias.
Why ?
Because I don't believe that "the paranoid curmudgeon from esmtp.or
paper mail; why not email ?
Former staff don't have door keys.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
u want to see
how dozens of AV products get on with any particular virus
Use AV products by all means, but don't assume they will catch everything.
Do have plans for if/when you find something; both before and after it
causes harm.
--
Andrew C. Aitchison
hat sort of response when tipping, then I am impressed.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
:https://rdap.arin.net/registry/ip/38.152.0.0
... You may wish to check your rwhois data.
I have also seen "SWIP" mentioned in similar cases ...
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
and vice versa.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
On Sat, 30 Sep 2023, Andrew C Aitchison wrote:
On Sat, 30 Sep 2023, Jay R. Ashworth via mailop wrote:
I haven't even heard exim *mentioned* in like 20 years; these stats can't
be right, can they?
https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-expos
m/security/2023/09/critical-vulnerabilities-in-exim-threaten-over-250k-email-servers-worldwide/?comments=1
gives a more plausible stat.
[ A quick grep suggests 12 other mailop threads this year have mentioned exim. ]
--
Andrew C. Aitchison Kendal, UK
On Sat, 30 Sep 2023, Carsten Schiefner via mailop wrote:
Hi Simon,
On 30.09.2023 10:18, Simon Arlott via mailop wrote:
On 30/09/2023 08:50, Andrew C Aitchison via mailop wrote:
I see that there is an Exim release candidate out on test at the moment
https://lists.exim.org/lurker/message
Sept.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
,
you must check that the report domain is willing to accept these reports.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
rding and the forwarding information is stored
on the mailstore, he wont know whether the domain is local or remote
until the mail store comes back on line.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.
miscategorized as SPAM.
Maybe the spammers are more likely to use ed25529 than legitimate mailers
so GMail think it indicates spam ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
rd, alpine, mutt and fetchmail
to do to access Microsoft-hosted mailboxes ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
r.ietf.org/doc/draft-storey-smtp-client-id/ (SMTP)
https://datatracker.ietf.org/doc/draft-yu-imap-client-id/ (IMAP)
and OAuthBearer RFC7628
to see whether either or both could help us identify the incoming
client sessions ?
--
Andrew C. Aitchison Kendal, UK
an
On Sat, 11 Nov 2023, Carsten Schiefner via mailop wrote:
Hi Andrew,
Am 11.11.2023 um 14:25 schrieb Andrew C Aitchison via mailop
:
[…]
I guess we need to look at ClientID
https://datatracker.ietf.org/doc/draft-storey-smtp-client-id/ (SMTP)
https://datatracker.ietf.org/doc/draft-yu-imap
ively fewer messages I can only imagine
that is because their strike rate is better, which is *more* worrying.
What have I misunderstood ?
but I wouldn't be at all surprised if some sites still have a 90%+
spam burden.
--
Andrew C. Aitchison Kendal, UK
ir filters.
If they use forwarders, SPF will fail in the case the envelope sender
isn't rewritten. Check your logs for that.
I think Jarland meant that his system allows users to forward
received messages (to Google).
--
Andrew C. Aitchison Kendal, UK
xplain how we will all know when to switch ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
so it was particularly visible.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
hough one of the aims of BIMI is to encourage
correct use of SPF/DKIM/DMARC.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
of costs that far exceed those of the message itself.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
t MTA received a message with these headers there is a risk
that the MUA would trust them.
Would it help if MUAs that don't actively support BIMI at least removed
these headers when delivering to local mailboxes ?
--
Andrew C. Aitchison Kendal, UK
On Sat, 13 Jan 2024, Benny Pedersen via mailop wrote:
Andrew C Aitchison via mailop skrev den 2024-01-13 07:16:
[ Wearing an MTA developer's hat. ]
+1
I see that an MTA is supposed to remove existing Authentication-Results and
BIMI-Indicator headers, and that generally an MUA may use
3 or 4
specific subdomain additions to a safelist from the
hypothetical block rule, and that would be it.
- Mark Alley
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
is indeed bare linefeeds, your bounce message may be
leading him astray by suggesting he has sent bare carriage-returns.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk___
mailop mailing list
mailop@mailop
rtner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, https://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
--
Andrew C. Aitchison
customers put in clauses guaranteeing
no spam from addresses associated with with the customer's mail.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk___
mailop mailing list
mailop@mailop.org
https://
nders ...
I don't have traffic from Alibaba so cannot judge for myself.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
I provide my opt-out preferences by ...
"visiting a single Internet Web page" ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
st* thing they would like to do is to complain to any mail provider.
They just take it for granted that "it is so" that the recipient sometimes
doesn't get the email, and you have to live with it.
If nobody complains,
then a single complaint is likely to get at
several list messages last month
with mail addresses with what looked to me like CJK
characters.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https
is not new for openssl, but it is for gnutls.
Given that the advice for SMTP is often to allow tls 1.0 and 1.1,
rather than have it revert to unencrypted, this will is something to
watch out for.
--
Andrew C. Aitchison Kendal, UK
and...@aitch
supporting such a device (although I was aware that people
would have to decide again about allowing plain).
Has anyone checked what traffic is still using TLS 1.0 or TLS 1.1 ?
--
Andrew C. Aitchison Kendal, UK
and...@aitch
in security.
For IMAP and POP, encryption is end-to-end, but there you know, and
presumably have control over, your users.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop
Our inbound queuerunner operates in permanent queue running mode which
could lead to a retry every minute if the queue is nearly empty.
This is more or less "aggressive" ...
An *inbound* queue runner sounds like a special case
- I would expect it to be more "aggressive".
--
Andrew
more about this software ?
Thanks,
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
I'm stuck with the architecture for the next couple of years.
So you are looking for someone to add support for that architecture to
Proxmox, maybe in a consortium with other interested parties ?
[ I am *not* bidding, nor interested in joining the consortium. ]
--
Andrew C.
ve them a
heads-up.
Kind regards,
Paul
PS: Of course, their software does not detect rejected messages/failed
deliveries, and their staff claims, it’s in the spam folder.
--
Andrew C. Aitchison Kendal, UK
but not any record addresses ?
TonyFinch> Too late for that by about 10 years, I'm afraid.
Looks like that dream is getting further away :-(
We wont will that fight if we don't push for it.
On 25.04.24 14:59, Andrew C Aitchison via mailop wrote:
Should someone here not know, RFC 7
warded the mail,
but cannot prove that it really came from the original sender.
I think that this way GMail can reject the email,
or put it in the spam folder, but without blaming you.
I am not sure that ARC is supposed to do what we think it is.
--
Andrew C. Aitchison
things can happen.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
DMARC)
I had not realized that SRS was possible without SPF.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
ts
(or possibly swaks on my machine).
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
eader addresses ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
per username, which works well for me
though maybe not for the OP with one user and 10 domains,
but I am paying less than his five bucks per month.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk___
mailop
the TLD is" problem
since it's not just the last segment.
Since the OP is new here, i will mention th Public Suffix list
https://publicsuffix.org/
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
__
user support is more common amongst mailserver maintainers.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
exim (c1996)
the version number was bumped from IIRC 0.65 to 2.65
:-)
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
play nicely on phones ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
use the input, rather than the metadata, to determine
which decompressor to use (but using metadata might be quicker).
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
a job spec that would let them know about and fix the issue.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
.well-known/openid-configuration
https://accounts.google.com/.well-known/openid-configuration
I'll have to read https://openid.net/specs/openid-connect-discovery-1_0.html
to see why the literal domain.com in one but not the other
(and the other version doesn't work for
hich
of these I should be asking for.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
On Tue, 27 Aug 2024, Colin Johnston via mailop wrote:
Have you tried an normal android phone without a sim as Google should send
the 2fa to that as well as sms ?
How would she add the phone to the account *without* the one-time
key she wishes to receive ?
--
Andrew C. Aitchison
messages that passed DMARC authentication as well
as those that did not.
How often are you sending to the rua address ?
I doubt that you need to send summaries more than once per day.
Google doesn't advertise an "ruf" URI so do not wish to receive
individual failur
ecognise that rafa.eu.org sends good mail ...
But the basic problem remains; an AI has decided it doesn't like you.
Many bad guys spend significant amounts of time/money/effort trying to get
out of this AI's bad books, so it has defences again those who try to
persuade it to l
features of DMARC is that it provides URLs for
reporting failed messages.
Bounces like this tend to get people attention.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk___
mailop
teve
Oh...And I'm certain Google also sent a DMARC report :P
On Thu, Nov 21, 2019 at 4:34 AM Andrew C Aitchison via mailop <
mailop@mailop.org> wrote:
On Wed, 20 Nov 2019, Matt Vernhout via mailop wrote:
If a sender asked you to reject that mail with their policy do them
a favou
that 2 is the biggest group but I'm not sure that they would
get more from a message which doesn't work for people in group 1.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
t into
a web browser.
One other option is for gmail to forward your mail to your server.
I've been doing this for a few months without any problems.
--
Andrew C. Aitchison Kendal, UK
On Tue, 17 Dec 2019, Andrew C Aitchison via mailop wrote:
On Tue, 17 Dec 2019, Philip Paeps via mailop wrote:
On 2019-12-17 03:20:04 (+0800), Al Iverson via mailop wrote:
Google is announcing that in the future, G-Suite accounts will not support
LSA (Less Secure Access) account connection
orrectly GMail can even give different trust levels to
different apps on the same phone !
I suspect that the simple answer is that GMail has not established that
the two sources are in fact the same, and your IPv6 source, being new,
has no positive reputation.
--
A
On Thu, 23 Jan 2020, Michael Peddemors via mailop wrote:
But it is helpful, whether sending or receiving, to see if the address is in
your contacts (known person) or not..
But we see a lot of changes coming on that front, just overheard some
Thunderbird developers working on, and I know our t
myself that the verification does
indeed prove what it is supposed to prove and that it is safe from
man-in-the-middle.
I have lost enough physical keys over the years to worry about what
happens if I lose my phone (which does not have a finger print reader) ...
--
Andr
unlock my phone (that may be
unrealistic) if we have eliminated passwords then they have access
to all my data stored anywhere.
On Sun, 26 Jan 2020, Brandon Long wrote:
On Sun, Jan 26, 2020 at 10:35 AM Andrew C Aitchison via mailop <
mailop@mailop.org> wrote:
Hmm.
Proving that you can read
logging by /64, so that you still notice oddities like this.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-b
the appropriate details to the DMARC
reporting address(es) ?
OK, I haven't thought through when to use the connecting IP address
and when the sending domain to determine where to send reports.
--
Andrew C. Aitchison Kendal, UK
and...
I thought DKIM was supposed to flag such messages;
do these phishing emails satisfy DKIM ?
On Tue, 18 Feb 2020, Benoit Panizzon via mailop wrote:
Hi List
Lately, our customers are getting an increased amount of phishing
emails, or emails containing malware with legit looking From: headers
fro
1 - 100 of 257 matches
Mail list logo
