gmail dropping messages

I've recently observed gmail dropping messages or not forwarding all
messages/posts from the nanog list. This is rather annoying.

Has anyone else experienced this? Does anyone have any insight as to why?

Thanks,

-b

sometimes nanog mail gets marked as spam for me ... I think spam does
not get auto-forwarded.

ok, there are some in the spam folder. Hmm, didn't think to look there
for the missing ones when my inbox appears to be receiving partial
threads.

Thanks,

-b

What is the DKIM check result for those messages?

May be time to get nanog mailing list DKIM aware?

What is the DKIM check result for those messages?

Non existent, it's SPF only.

This is what GMail sees:

Received: from s0.nanog.org (s0.nanog.org [207.75.116.162])
        by mx.google.com with ESMTPS id h1si7255610ibn.43.2011.04.22.13.42.53
        (version=TLSv1/SSLv3 cipher=OTHER);
        Fri, 22 Apr 2011 13:42:53 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
nanog-bounces+askoorb+nanog=gmail.com@nanog.org designates
207.75.116.162 as permitted sender) client-ip=207.75.116.162;
Authentication-Results: mx.google.com; spf=pass (google.com: best
guess record for domain of
nanog-bounces+askoorb+nanog=gmail.com@nanog.org designates
207.75.116.162 as permitted sender)
smtp.mail=nanog-bounces+askoorb+nanog=gmail.com@nanog.org

May be time to get nanog mailing list DKIM aware?

I've recently observed gmail dropping messages or not forwarding all
messages/posts from the nanog list. This is rather annoying.

Has anyone else experienced this? Does anyone have any insight as to why?

Yes, for example, the message I'm replying to had this at the top of it:

"Due to a filter you created, this message was not sent to Spam. Edit Filters"
"Warning: This message may not be from whom it claims to be. Beware of
following any links in it or of providing the sender with any personal
information. Learn more"

So GMail thinks it's a phishing message :-/

Quite a lot of my Nanog messages are marked as spam, which is why I
created a filter to not send any messages with a list ID header with
nanog.nanog.org in it to spam at all.

The only way for Nanog to get round this would be for the mail
administrator to follow *every* step at
Email sender guidelines - Google Workspace Admin Help which
basically is:
- Explicit SPF with hard fail.
- Signing with DKIM or DomainKeys.
- Using a consistent IP address to send bulk mail.
- Keeping valid reverse DNS records for the IP address(es) from which
mail is sent, pointing to the sending domain.
- Use the same address in the 'From:' header on every bulk mail that is sent.
- Using the "Precedence: bulk" header.
- Up-to-date contact information in the WHOIS record, and on abuse.net.

But the list administrator would have to do all of that faff.

Alex
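
An added example, not part of any post in this thread: a small Python check that reads the Authentication-Results header quoted above and reports which methods the receiving host recorded, making the missing DKIM result explicit. The function names (`auth_results`, `triage`) are hypothetical, and the sample is the thread's header refolded with leading whitespace on continuation lines.

```python
import re
from email import message_from_string

# Constructed sample: the headers quoted in the thread, with continuation
# lines indented as they would be in a folded header on the wire.
RAW = """\
Received-SPF: pass (google.com: best guess record for domain of
 nanog-bounces+askoorb+nanog=gmail.com@nanog.org designates
 207.75.116.162 as permitted sender) client-ip=207.75.116.162;
Authentication-Results: mx.google.com; spf=pass (google.com: best
 guess record for domain of
 nanog-bounces+askoorb+nanog=gmail.com@nanog.org designates
 207.75.116.162 as permitted sender)
 smtp.mail=nanog-bounces+askoorb+nanog=gmail.com@nanog.org

body
"""

COMMENT = re.compile(r"\([^()]*\)")               # parenthesised comments
RESULT = re.compile(r"^([a-z0-9-]+)\s*=\s*([a-z]+)", re.I)  # method=result

def auth_results(raw_message):
    """Return [(authserv_id, {method: result})], one per header found."""
    out = []
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        # Unfold the header, then drop comments so a ';' inside one
        # cannot be mistaken for a separator.
        flat = COMMENT.sub(" ", " ".join(value.split()))
        authserv, *resinfos = [p.strip() for p in flat.split(";")]
        methods = {}
        for part in resinfos:
            m = RESULT.match(part)
            if m:
                methods[m.group(1).lower()] = m.group(2).lower()
        out.append((authserv, methods))
    return out

def triage(raw_message, trusted_authserv):
    """Report SPF/DKIM as recorded by the trusted receiver only.

    Headers stamped by any other host are ignored, since a sender can
    insert its own Authentication-Results line before delivery.
    """
    for authserv, methods in auth_results(raw_message):
        if authserv.split()[:1] == [trusted_authserv]:
            return {"spf": methods.get("spf", "absent"),
                    "dkim": methods.get("dkim", "absent")}
    return None
```
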

What is the DKIM check result for those messages?

Non existent, it's SPF only.

My point.

This is what GMail sees:

Received: from s0.nanog.org (s0.nanog.org [207.75.116.162])
       by mx.google.com with ESMTPS id h1si7255610ibn.43.2011.04.22.13.42.53
       (version=TLSv1/SSLv3 cipher=OTHER);
       Fri, 22 Apr 2011 13:42:53 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
nanog-bounces+askoorb+nanog=gmail.com@nanog.org designates
207.75.116.162 as permitted sender) client-ip=207.75.116.162;
Authentication-Results: mx.google.com; spf=pass (google.com: best
guess record for domain of
nanog-bounces+askoorb+nanog=gmail.com@nanog.org designates
207.75.116.162 as permitted sender)
smtp.mail=nanog-bounces+askoorb+nanog=gmail.com@nanog.org

May be time to get nanog mailing list DKIM aware?

I've recently observed gmail dropping messages or not forwarding all
messages/posts from the nanog list. This is rather annoying.

Has anyone else experienced this? Does anyone have any insight as to
why?

Yes, for example, the message I'm replying to had this at the top of it:

"Due to a filter you created, this message was not sent to Spam. Edit
Filters"
"Warning: This message may not be from whom it claims to be. Beware of
following any links in it or of providing the sender with any personal
information. Learn more"

So GMail thinks it's a phishing message :-/

Because from: may be from a domain which is known to DKIM sign
everything.... (like gmail).

Quite a lot of my Nanog messages are marked as spam, which is why I
created a filter to not send any messages with a list ID header with
nanog.nanog.org in it to spam at all.

The only way for Nanog to get round this would be for the mail
administrator to follow *every* step at
Email sender guidelines - Google Workspace Admin Help which
basically is:
- Explicit SPF with hard fail.
- Signing with DKIM or DomainKeys.
- Using a consistent IP address to send bulk mail.
- Keeping valid reverse DNS records for the IP address(es) from which
mail is sent, pointing to the sending domain.
- Use the same address in the 'From:' header on every bulk mail that is
sent.
- Using the "Precedence: bulk" header.
- Up-to-date contact information in the WHOIS record, and on abuse.net.

But the list administrator would have to do all of that faff.

No, it is mailman, just upgrade mailman. Recent versions are more DKIM
aware...

More info: draft-ietf-dkim-mailinglists-06

Nearly all of the spam I see is DKIM signed. It just makes messages bigger. I'd just as soon our volunteers spend their time on other things, myself.

I've recently observed gmail dropping messages or not forwarding all
messages/posts from the nanog list. This is rather annoying.

Has anyone else experienced this? Does anyone have any insight as to why?

I've read the thread, and ironically all messages from Franck Martin in
this thread were sent to spam by gmail. None of the others! This is
like an earlier thread:

-------- Previous Message --------

It is like IPv6, it just makes packets bigger...

DKIM isn't designed explicitly to stop spam, it's designed to identify senders.

If you trust the issued certificates(!) being used to sign the mail, you at least have a good indication that the spam is coming from the domain that it says it's coming from. This can make spam blocking much more effective because instead of simply hoping that a domain-based blocklist will block spam and not ham (due to spoofed sender addresses), you have a pretty good feeling that this will be the case.

Of course this relies on various other bits and pieces to fall into place, such as properly handling such messages (Gmail's detection and handling rules aren't public AFAIK), CAs not being compromised, etc. Not to mention that the spammers can simply register another domain and buy a new cert -- but then the argument above still holds.

--Jeff

On the off chance you are assuming that the presence of a DKIM signature is
supposed to mean something about the quality of a message, please note that it
isn't. It is only meant to supply a reliable, valid identifier, with which
assessments can then be made. That assessment step is where the fun happens.

See:

    <http://dkim.org/specs/draft-ietf-dkim-deployment-11.html>

For reference, spammers are typically early adopters of newly standardized
security mechanisms, in the (demonstrably valid) belief that some folk
confuse identification with quality assurance.

In particular, the DKIM d= identifier is primarily helpful for avoiding false
positives. That is, it is for an assessment process targeting signers you
trust, rather more than for targeting those you don't. If you don't care about
the trust side of the filtering equation, I suspect DKIM will not be all that
helpful for you.

d/

DKIM doesn't use purchased certificates. It's all self-signed.

As for catching spammers, using d= as an identifier is more effective at finding the good stuff than the bad stuff. So if this list were signed by nanog.org, we (or our reputation systems) could all recognize that mail signed d=nanog.org rarely resulted in user complaints, and thus it must be mail the users want to receive; conversely, mail which spoofs nanog.org but is not signed can safely* be stored in the big bit bucket in the cloud.

Well, they aren't self-signed either; DKIM doesn't use x.509
style certs at all. It's just RSAPublicKey DER-encoded public
keys that are placed in the DNS.

Mike, but it still requires some crufty ASN.1 which is prolly the confusion

Sorry, yes. I've had GPG and X509 on the brain lately. Thanks for the correction, Mike and J.D.

--Jeff