For some reason Gmail has started blocking mailman administrative emails to someone who’s an admin on a list I host. Their SMTP 552 error message points to <https://support.google.com/mail/?p=BlockedMessage>, which implies the “problem” is the URLs in the email, but is otherwise completely unhelpful.
If anyone here has any pull with Gmail postmasters, could you please suggest to them that they whitelist messages that are as consistent and well-known as mailman’s admin and moderator messages?
You might have better luck emailing the mailops list.
Cute way to promote Google Groups over Mailman. Gotta give 'em credit for being creative 
-Hank
I think at this point we should upgrade the classification of this
issue from being Spam-filter-related to being a fundamental
interoperability issue of Google Mail and G Suite with regards to
email and SMTP.
Google has a monopoly on corporate email nowadays (even OPs own domain
name is still handled by Gmail). Google still "officially" supports
incoming SMTP, but they've otherwise made it non-interoperable with a
whole bunch of the operators.
Google still rejects email from my own domain name as outlined in a
prior message on this list a month or two ago:
* https://mailman.nanog.org/pipermail/nanog/2019-October/103817.html
Since I am able to receive email from Gmail, but not able to send it
back, I'm thinking of implementing my own handling of incoming SMTP
unique and specific to Gmail / G Suite — anytime anyone tries to send
me email from Gmail / G Suite, I'll accept the message, but instead of
providing a 2.0.0 confirmation at the end of the message body, will
instead provide a 5.0.0 DSN with an error message explaining to the
sender that I won't be able to reply back to them due to the
interoperability issues of Google Mail / G Suite on their side. What
other choice do I have?
I just don't see any other way on how to proceed otherwise. It's
especially annoying if you're using a certain platform to communicate
with someone (which automatically takes care of the notifications and
has its own email gateway), and then they switch the conversation to
direct email, but then you're no longer able to reply to their
communication.
C.
In article <CAPKkNb537O5C_FQjh7ucWsF_4USK3EuHcJdkDv-ZJLU8EK1Kmg@mail.gmail.com> you write:
Google still rejects email from my own domain name as outlined in a
prior message on this list a month or two ago:
Google accepts my mail just fine, including from my mailing lists.
Their goal is to make their users happy by accepting the mail the
users want and not the mail the users don't want.
Perhaps it would be more productive to figure out in what ways your system
is different from others. It would also help to stop being coy and tell
us the actual IP addresses and domains that are having trouble so people
who might want to help can do so.
Peace,
Though I agree that Gmail spam filtering is top grade, or close to be so, it still sends to spam a statistically significant number of emails from IETF and ICANN mailing lists I’m subscribed to. It depends as well on which account I should receive those emails.
While I understand and totally accept that there might be issues with the respective senders’ configuration; with mailing lists at least, spam filtering is more of a duty of the mailing list admins. Therefore, it is correct that certain work around the current system is still necessary, and there are edge cases which might cause uncertainty on the sender’s side.
Though I agree that Gmail spam filtering is top grade, or close to be so,
it still sends to spam a statistically significant number of emails from
IETF and ICANN mailing lists I'm subscribed to. It depends as well on
which account I should receive those emails.
Yes, that's mostly the DMARC problem. We're painfully familiar with it.
While I understand and totally accept that there might be issues with the
respective senders' configuration; with mailing lists at least, spam
filtering is more of a duty of the mailing list admins. ...
One day I asked a guy at Google why they don't just whitelist incoming mailing list mail, since they clearly have a good idea where the list hosts are. He said that legit lists send spam (actual ugly spam, not filter errors) all the time, either because a subscriber's account is compromised or the list itself is compromised. Accurate filtering is remarkably complicated.
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
Though I agree that Gmail spam filtering is top grade, or close to be so,
it still sends to spam a statistically significant number of emails from
IETF and ICANN mailing lists I’m subscribed to. It depends as well on
which account I should receive those emails.Yes, that’s mostly the DMARC problem. We’re painfully familiar with it.
In this case, the mail origin is DMARC signed, and Gmail accepts all other messages. It simply appears to be that they’ve decided the URLs in mailman’s admin/moderator messages are suspicious enough to warrant outright rejection of the message, and not just labelling it as spam or suspicious in the recipient’s mailbox.
Someone up-thread noted that my personal domain is hosted on google groups. I’ve noticed in the past that the behaviour of gmail.com can be very different from the behaviour of a paid mail domain like mine… I’ve seen the same sorts of messages accepted by one and refused by the other on more than one occasion, and it’s not always the same one being more strict or restrictive.
While I understand and totally accept that there might be issues with the
respective senders’ configuration; with mailing lists at least, spam
filtering is more of a duty of the mailing list admins. …One day I asked a guy at Google why they don’t just whitelist incoming
mailing list mail, since they clearly have a good idea where the list
hosts are. He said that legit lists send spam (actual ugly spam, not
filter errors) all the time, either because a subscriber’s account is
compromised or the list itself is compromised. Accurate filtering is
remarkably complicated.
Agreed that spam filtering today is a hard problem, and given Google’s scale their problem with it is bigger than most others’. My assertion is that given how ubiquitous mailman’s administrative messages are (as opposed to random list traffic), and given that those messages haven’t changed in structure in aeons, it should be trivial for a company with Google’s resources to not get false positives on those messages. Their heuristics and learning algorithms should be primed with a ton of samples of such messages to inform their decision making, if not to outright whitelist them.
Someone up-thread noted that my personal domain is hosted on google
groups. I've noticed in the past that the behaviour of gmail.com can be
very different from the behaviour of a paid mail domain like mine...
Google says that every user's spam filtering is different. It's not just free vs. paid.
Agreed that spam filtering today is a hard problem, and given Google's
scale their problem with it is bigger than most others'. My assertion is
that given how ubiquitous mailman's administrative messages are (as opposed
to random list traffic), and given that those messages haven't changed in
structure in aeons, it should be trivial for a company with Google's
resources to not get false positives on those messages.
Imagine if some spammer tried sending spam formatted like fake mailman admin messages hoping that the spam filters will let them through since they're obviously OK. Yes, spammers do that kind of stuff.
Or maybe users are tired of the useless monthly messages and report them as spam.
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
Again, these are not a user messages or regular list traffic, they’re admin/moderator messages addressed to an admin of a list.
Your point about the possibility of spammers forging those is taken, but I don’t see that as being anywhere remotely common enough to justify a 5xx error on attempted delivery of such a message.
So, to clarify the OP issues here — you're using Gmail on your domain
(aka G Suite), and are also a Mailman administrator (on same or
different domain?), and are unable to properly use Mailmain, because
Gmail?
Is switching away from G Suite not an option?
C.
In article <CAPKkNb537O5C_FQjh7ucWsF_4USK3EuHcJdkDv-ZJLU8EK1Kmg@mail.gmail.com> you write:
>Google still rejects email from my own domain name as outlined in a
>prior message on this list a month or two ago:Google accepts my mail just fine, including from my mailing lists.
Their goal is to make their users happy by accepting the mail the
users want and not the mail the users don't want.
First they came for the communists, and I didn't speak out, because I
was not a communist. …
…
I've recently noticed that a whole bunch of mailing list posts end up
in the spam folder, too; from small personal domains without a _dmarc,
for example, so, let's not brush it all under DMARC compliance, shall
we? It's been getting worse in the recent months. The writing is on
the wall that Google only cares about the corporate users now.
They've already shutdown XMPP and Google Plus; yet the underlying
products are still alive.
Perhaps it would be more productive to figure out in what ways your system
is different from others. It would also help to stop being coy and tell
us the actual IP addresses and domains that are having trouble so people
who might want to help can do so.
This presumes that the issue is related to my static setup, but it's
not. Last time around, several people contacted me offlist, and
didn't find any issues with my setup either.
Plus, as mentioned, I myself have never had any major issues with my
mail being accepted by Gmail, either, before I started sending myself
some cron output with some domain names they deem malicious. There
were no other changes to the IP address or to the domain name on my
side.
Now here's a novel idea — instead of me having to publish the
irrelevant details and doing crowdsourced troubleshooting, maybe
Google should tell in their rejection messages the actual reason why
they reject these emails, or provide such data on Postmaster Tools,
instead of the folk having to resort to the random people on the
internet trying to assemble and figure out the interoperability issues
of the black box that Google Mail and G Suite are?
P.S. For my own story, I disabled a whole bunch of cron tasks, and it
seems like the "reputation" hit has subsided, but even after a month
or so, it seems like it still hasn't healed completely. I'm still
using alternative domains in MAIL FROM if the message has to get
through, which still works as a workaround (still same IP and all).
C.
I own domains backed by gsuite/postini and they are awesomely spam
free, and good. What I say here shouldn't be taken as saying I don't
want that goodness.
I also work in domains which routinely get mis-tagged as spammy by
google, and that can include replying to google staffers. This isn't
good. Understandable, faking flows into your own mail must be a big
problem for big mail hosters, mainly doing mail for other people.
Oddly, no other enterprise I deal with does this: Only google tags
google staffers as spam, when they interact in GMail and G/Suite.
It would help enormously if google told us A/B Black/White techniques
for our own mail investments in GSuite, which are functionally able to
do things, not just community curated hints. But, the "things you can
do" feels more like "things you can try"
Part of this, is the freemium levels in Google don't go to people. You
have to pay google money to get people to talk to. The second part is
that we want to believe the awesome, but most people you can talk to
in Google are robots with scripts. I have had the great pleasure of
speaking at a meeting, with Google staff present, showing a thing
which is in some sense "something is wrong" and having them get up to
the microphone queue and say "I fixed that" -And it is awesome but its
not repeatable, its not sold as a product to everyone, its rare, and
it actually hurts more than it helps: Privilege outcomes is why people
mail NANOG asking for help. Its not service level, it drives to tweet
storms about problems to get fixed.
For instance, it isn't clear to me how adding addresses to your own
address book does materially interact with spam tagging. I added all
the google staffers I deal with, they are still spam boxed. This is
one of the recommendations from some years back. Did it ever work? Is
it "official" or just an idea? How do you tell?
I fully expect the usual ASCII list of "your idea won't work because"
but the quality I am trying to get to here, is that mail un-spam and
un-filter and un-protect is basically now not just a heuristic, but an
undocumented heuristic: we don't know the interactions of the moving
parts, and when we ask about the moving parts, the answers feel like
smirks. Who you are alters what kind of reply you get back.
-George (posting from a g/suite free edition hosted domain btw)
25 years or so from now when the internet is basically a big CATV-like
service someone will write a book about how "SPAM Ate The Internet".
And a few other things, among them:
Phase II: Ham Eats The Internet.
Now that every marcom, billing, etc dept and their pet dog has figured
out they can send almost unlimited email, billions of them, just about
for free and if they have any sort of recognizable corporate identity
they won't be challenged by intermediaries (end users might try) watch
as you get 100, 500, 1000... emails/day from them collectively.
Hey it was just *one* email/day...from each of the Fortune 1000, and
their subsidiaries, and their agents, and...
But that's ok, the new masters of this universe will just charge both
ends for each and every email (perhaps a few included free with your
Hulu or Netflix subscription) and old timers will talk about how great
it was back in the old days when you could run lists like nanog for
roughly nothing tho I don't know where they'll talk about that.
Somehow NetFlix has decided that my email address is "suddenly" invalid
(the one that has been in continuous use since the mid-80's).
Apparently the third-party that they use to send e-mail is a dirty
spammer and thus has been blacklisted. I tried to tell then this, but
no one at NetFlix seems to have a clue, and my clue-by-four has no one
to hit over the head.
I really do no care what the Masters of the Universe think. They can
pry my mail server and domain from my cold dead fingers, and until then,
they can shove themselves where the sun doesn't shine ...
"John Levine" <johnl@iecc.com> writes:
Google accepts my mail just fine, including from my mailing lists.
Their goal is to make their users happy by accepting the mail the
users want and not the mail the users don't want.
If we rule out asking the users for every mail, then that means applying
statistics on empirical data. The problem is that smoothing the edges
might throw away mail that the recipient care about, just because most
other users didn't.
Small players risk being blocked on the sole reason that they are too
small to make any measurable number of gmail users want their mail.
Bjørn
No. I’m a mailman administrator on some domain completely unrelated to google in any way, and google is rejecting admin email from said mailman instance to (so far) one list admin who has a gmail.com address.