:: Re: [DNG] Excessive bounces
Top Page
Delete this message
Reply to this message
Author: info at smallinnovations dot nl
Date:  
To: dng
Subject: Re: [DNG] Excessive bounces
On 02-08-17 16:41, Simon Hobson wrote:
> Antony Stone <Antony.Stone@???> wrote:
>
>> Is it possible to check the mail server logs for delivery failures on the
>> problematic addresses (which is presumably what the warning email means by
>> "bounces") to see what reason was given by the receiving server?
> That's the important thing to look for - and my money is it's related to SPF and/or DMARC.
>
>
> The supporters of SPF knew in advance that "it breaks stuff that's in widespread and valid use" but simply declared these activities to be "no longer valid"*. Key bits of the stuff it breaks are mailing lists and email forwarding.
> The answer for SPF is SRS - which as far as I can tell means having the mailing list/forwarder modify the headers - which effectively means you can bypass SPF checks !
>
> If the sender domain doesn't publish SPF records or the recipient server doesn't check them then all is fine - but if the sender has an SPF record AND the recipient server checks it, then it breaks all traditional mailing list/mail forwarding techniques.
>
> So now almost all mailing list admins are having to deal with the pile of excrement handed down by "the big guys" who frankly don't give a **** about anyone else as long as they can make it LOOK like they are dealing with spam for their customers. Unfortunately, MS (Hotmail, Office 365, etc), Google (gmail etc), and Yahoo, between them have enough clout that you can't really do anything but ask "how high ?" when they ask you to jump :-(
>
> Just one reason why I run my own mail server and neither publish nor check SPF records.
>
>
> * Like in the old joke :
> Q: how many Microsoft people does it take to change a lightbulb ?
> A: none, they just change the industry standard to dark
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


My mailserver does give some warnings about dkim like:
Aug 2 16:40:48 mail opendkim[16133]: 5358E209: tupac2.dyne.org
[178.62.188.7] not internal
Aug 2 16:40:48 mail opendkim[16133]: 5358E209: not authenticated
Aug 2 16:40:48 mail opendkim[16133]: 5358E209: s=20161025 d=gmail.com SSL
Aug 2 16:40:48 mail opendkim[16133]: 5358E209: bad signature data

And two hard errors last two days:
Aug 1 17:25:48 mail opendkim[16133]: E62803F0: key retrieval failed
(s=mail, d=dyne.org): 'mail._domainkey.dyne.org' query timed out
Aug 2 16:29:03 mail opendkim[16133]: DD24A209: key retrieval failed
(s=mail, d=dyne.org): 'mail._domainkey.dyne.org' query timed out

Not sure what get added when sending to a maillist but apparently not
everything needed.


Grtz.

Nick