Ever since I moved the 44net mailing list from 'hamradio' to 'mailman' it's been running into spam filters.
This is caused in part by the fact that 'mailman' is actually an alternate (duplicate A record) name for 44.0.0.1. The machine serving as 'mailman' is itself dual-homed to both 169.228.34.84 and 44.0.0.1 but uses 169.228.34.84 as its outgoing email IP address, and I can't change that. And UCSD blocks inbound SMTP to 169.228.34.84 as part of THEIR spam filtering.
Another part of it was that the mailer on amprgw was identifying itself as 'gw.ampr.org' instead of 'amprgw.ucsd.edu' which is its name when looked up by the outgoing mail IP address of 169.228.34.84. This was tripping spam filters which believed that the mail was coming from a forged address.
Among other people, Marius wasn't getting 44net mail because of his site's spam filtering objecting to the misidentification of amprgw's mailer.
I've corrected the mailer name issue; it now identifies itself on incoming and outgoing mail as 'amprgw.ucsd.edu' which is its primary name in the DNS. Mail to it as 'amprgw.ucsd.edu', 'amprgw.ampr.org', 'gw.ampr.org', or 'mailman.ampr.org' will all be accepted. (Although mail to amprgw.ucsd.edu will be processed by UCSD's spam filters. Arrgh.) Mail from it will come from a connection from 'amprgw.ucsd.edu'. This may result in the need to adjust a few spam filters but will make other spam filters happy.
The mailing list sender address will still be 'mailman.ampr.org'. I have updated the SPF record for that hostname to include all the MXs for it, and both addresses of it (169.228.34.84 and 44.0.0.1):
"v=spf1 +mx +a ip4:169.228.34.84/32 ip4:44.0.0.0/24 ?all"
With any sort of luck, this will appease the other spam filters.
The reason for all this complication is that I've had to condense two machines, hamradio and amprgw, into one because hamradio is going away.
The reason for using 'mailman' as the hostname in the mailing list headers is that we may someday move the mailing lists to their own machine with that name (and its own IP address!) and I don't want to go through the pain of renaming the mailing list once again and having everybody have to change their filters and address books again.
So if you encounter difficulties with the mailing list I apologize for the confusion. If this is the first message you've received since the list moved, then I've fixed your problem. If you find this message in your spam mailbox, then I've broken it for you.
The basic problem is that there is no good solution for getting rid of spam. SPF is incomplete and DKIM is just broken itself because it breaks the years-old tradition of mailing list formats. (It checks the Author address ['From:'] instead of the sender ['Sender:'] or error-return ['MAIL FROM:' or 'From '] address.)
So people, including myself, resort to kludges of various kinds, all of which are not fully satisfactory, and some mail just doesn't get delivered.
It's a mess. Sorry. - Brian
-----Original Message-----
"v=spf1 +mx +a ip4:169.228.34.84/32 ip4:44.0.0.0/24 ?all"
Mails coming through fine here. A couple of points:
"?all" means anything else is neutral. I think you want "-all". It's my understanding that some spam-filters view other than "-all" as if the rest doesn't really matter.
I don't see an SPF record for amprgw.ucsd.edu. If that is the machine actually sending the mail, then I think you want that. See RFC-7208 section 2.3.
Michael N6MEF
While I have had issues with ?all in the past (neutral), I'd avoid -all (hard fail) if you can. Hard fail can mess up mail forwarders if subscribers use them on their end. Instead, I'd suggest using ~all (softfail), which most mail providers seem to be OK with.
Jacob Slater KM6LDX
Yes, I was debating between ? and ~ and went with ? as it seemed the least likely to cause problems, but in fact UCSD's SPF record that I set many years ago uses ~ and there have been no complaints, so I may well change to it. We'll see as the bounce/reject messages come back in from daily traffic.
The elephant in the room is Google - gmail's spam filtering is a secret and nobody will talk about it who knows, so we have to guess and see what works and what gets rejected by simple trial and error.
But the immediate problem is going to be solved; we have a new mailman machine on the horizon and it will have its own unique IP address so much of the current issue will be solved, and I can give it an SPF record that will work.
We'll still have problems with mail originating from DMARC sites like yahoo, but the Mailman program has a workaround for that - if it sees that the posting is coming from a domain with a DKIM record, it rewrites the From: address to the list, which will allow posters from that site to participate. People can still reply to them individually since their original address is in the courtesy-copy (Cc:) header line.
Thanks for your advice, we'll watch the bounces and see what to do. - Brian
On Sat, Sep 23, 2017 at 10:49:24AM -0400, Jacob Slater wrote:
While I have had issues with ?all in the past (neutral), I'd avoid -all (hard fail) if you can. Hard fail can mess up mail forwarders if subscribers use them on their end. Instead, I'd suggest using ~all (softfail), which most mail providers seem to be OK with.
Jacob Slater KM6LDX
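An added example, not part of the thread or any poster's code: a small evaluator for the 'a', 'mx', 'ip4' and 'all' mechanisms, run over the list's SPF record to show how the ?all, ~all and -all endings discussed above treat a connecting host the record does not list, such as a subscriber's forwarder. The DNS table is a stand-in for real lookups; the MX address in it is constructed.

```python
import ipaddress

# Record from the thread; only the trailing "all" qualifier is varied below.
RECORD = "v=spf1 +mx +a ip4:169.228.34.84/32 ip4:44.0.0.0/24 ?all"

# Stand-in for DNS so the example runs offline. The A addresses are the two
# named in the thread; the MX address is a constructed documentation IP.
DNS = {"a": ["169.228.34.84", "44.0.0.1"], "mx": ["192.0.2.25"]}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip, dns=DNS):
    """Evaluate a subset of RFC 7208 (a, mx, ip4, all) left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism with no qualifier means "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx") and not arg:
            matched = any(ip == ipaddress.ip_address(a) for a in dns[name])
        else:
            return "permerror"  # mechanism outside this example's subset
        if matched:
            return RESULTS[qualifier]  # first matching mechanism decides
    return "neutral"  # nothing matched and the record has no "all" term


def compare_all_qualifiers(client_ip):
    """Result for client_ip with ?all, ~all and -all at the end of RECORD."""
    base = RECORD.rsplit(" ", 1)[0]
    return {q: check_spf(f"{base} {q}all", client_ip) for q in "?~-"}
```

Calling compare_all_qualifiers() with the list server's own address gives "pass" for all three endings; with an unlisted address the three endings give neutral, softfail and fail respectively, which is the difference the replies are weighing.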