[HECnet] Mailing list...

Mark Benson md.benson at gmail.com
Thu Jul 30 20:54:06 PDT 2020 

Hi,

I’ve been managing our corporate mail system at $work for many years and can say several things:

A lot of providers rely on SPF and DKIM to verify authorised sending servers now because other methods of identity are no longer reliable such as RDNS and such. If you don’t have it some large mail providers will flat out refuse to accept mail past any kind of volume from your server. Although I don’t know for sure I suspect Apple are one of those. I know BT (UK phone monopoly an ISP) do rely on it heavily, as do hosting & mail server management systems like CPanel. We recently had to inform an off-site service provider that they needed to update their records because they use SalesForce for support infrastructure and hadn’t updated the record to include new sending servers, so our mail stack was just yeeting their support emails because it couldn’t verify their origin vs the sending domain. Ahhh fun times ;-D

Visa-vis the above, it’s worthy of note, that neither SPF or DKIM restrict you to your own IP as a verified sender, you can add 3rd party servers to the record too (most of you probably already knew that).

I am still baffled how many servers both use SBLs (spam block-lists) and not only are they indeed not worth two damns also a lot of the services are subscription based and a significant number of organisations let the subscription lapse and just leave an out of date list of SBL targets on their security system, meaning even if you waste countless hours removing your server from said SBLs (ask me how I know!) some places will still list your server and you’ll effectively always have issues delivering there, until someone pulls a head out of ass manoeuvre and removes said outdated SBL. We still get an occasional SBL bounce 15 odd years after we got listed on a bunch when someone compromised our web hosting server with a spam script. For a long time a certain recently mentioned US ISP also kept rejecting all our outgoing mail, likely because their system was setup at one time to autoblock anything that ever appeared on an SBL. They fixed that recently, like about 2 years ago. 

I like many others here have had a fair share of BS regards ‘anti-spam’ systems (which in reality were more akin to arbitrary anti-delivery systems) over the years. It’s not something I enjoy, and I feel your pain.

Mark

> On 30 Jul 2020, at 22:39, Johnny Billquist <bqt at softjar.se> wrote:
> 
> Hi, all.
> 
> I have an issue with some mail servers/providers that some people use. I'm open to some suggestions, but also want to point out something to people who are subscribed.
> 
> Sometimes I start getting mails bouncing for some subscribers. I do try to check why, and occasionally there have been something I could do about it, but many times it's simply what I would call a broken mail server for which there isn't much I can do. So occasionally I unsubscribe people for which I'm just getting bounces all the time.
> 
> One such example is one server who claims that 130.238.19.25 don't have reverse DNS. Which is clearly incorrect. It have had proper DNS setup for at least 20 years. I have no idea how that mail server is set up, but I can't do much about it.
> 
> Other times mails gets denied because of some blocking service who thinks the hecnet mails are just spam, or the host (Update) is untrustworthy, or have a bad reputation or what not. Usually not much I can do about those either. If people (or companies) decide to make use of such services, and such services give that kind of information, it essentially just means that you'll not be getting the hecnet mails any more.
> 
> There is only so much I'm willing to do to try and sort such things out. I do consider such services and solutions to be fundamentally broken to start with, but I will of course not say that people can't use them if they want to. But chances are that you'll get dropped from the HECnet mailing list sooner or later, unless you are using some service/technology that actually do work (not sure if any such exists).
> 
> An example I got today (actual mailbox names redacted):
> 
>> <XXXXXX at xs4all.nl> (expanded from <hecnet-list>): host
>>    mx4.xs4all.nl[194.109.24.139] said: 550 5.7.1 Spam message rejected by
>>    06ULCRRd021949 on mxdrop301.xs4all.net, reason=CH (in reply to end of DATA
>>    command)
> 
> reason=CH ?
> What does that mean. The mail is rejected because it came from Switzerland? (Yes, I do live in Switzerland, and yes, it was a mail I sent to the list, but really? Is all mail from Switzerland suspect now?)
> 
>> <XXXXXX at me.com> (expanded from <hecnet-list>): host
>>    mx01.mail.icloud.com[17.57.152.9] said: 554 5.7.1 [CS01] Message rejected
>>    due to local policy. Please visit https://support.apple.com/en-us/HT204137
>>    (in reply to end of DATA command)
>> <XXXXXX at me.com> (expanded from <hecnet-list>): host
>>    mx01.mail.icloud.com[17.57.152.9] said: 554 5.7.1 [CS01] Message rejected
>>    due to local policy. Please visit https://support.apple.com/en-us/HT204137
>>    (in reply to end of DATA command)
> 
> 
> Rejected due to local policy?
> Following the link don't really give an answer, but just various recommendation.
> 
> Most of those recommendations are already done (and have been the whole time) by the HECnet list. SPF and DKIM we don't use. I had that setup for a while on a mail server of my own, and came to realize that it hurt more than it helped, so I removed it again. I doubt this will be setup on Update any time soon, but either way, it's not there now, and it's not even clear if that is the reason for the rejects, or some other thing. There is also no way to even get in touch with Apple in this case, to fix this. So there is a fair chance I'll have to unsubscribe a few more addresses in the near future...
> 
> I am not really interested in moving the mailing list to some other host. Any suggestions from anyone on this topic?
> 
>  Johnny
> 
> -- 
> Johnny Billquist                  || "I'm on a bus
>                                  ||  on a psychedelic trip
> email: bqt at softjar.se             ||  Reading murder books
> pdp is alive!                     ||  tryin' to stay hip" - B. Idol

More information about the Hecnet-list mailing list