Post Aclfw02xAXRbO2Ioeu by selea@social.linux.pizza
(DIR) More posts by selea@social.linux.pizza
(DIR) Post #AclGaulz5FKs5yDMEC by siguza@infosec.exchange
2023-12-13T05:18:32Z
4 likes, 1 repeats
Gmail has once again blacklisted my mail server because of the SIX emails I have sent in the entirety of December so far, because obviously that constitutes "an unusual rate of unsolicited mail".I set up SPF, DKIM, DMARC, first get lumped in with a bad /24 IP block, slowly build up a reputation as a non-spammy IP, etc. etc., but none of that matters.This is nothing but a racketeering scheme to force everyone to pay for Gmail for business.
(DIR) Post #AclGavhlcPYYzBFVIG by selea@social.linux.pizza
2023-12-13T08:39:57Z
0 likes, 0 repeats
@siguza PTR is correct too?
(DIR) Post #AclHnWVchuw8Yq8bya by siguza@infosec.exchange
2023-12-13T08:53:27Z
0 likes, 0 repeats
@selea you mean rDNS? Yes ofc. When I enabled IPv6 on my server and got 10 addresses assigned, email delivery failed immediately because I had only set it up for the first IP, so I had to fix that then and there.But I've been able to send mail to Gmail for many years, though this isn't the first time I've been banned for absolutely no reason. This is not a technical issue.
(DIR) Post #AclOCVwaXq7Vlz3BeC by selea@social.linux.pizza
2023-12-13T10:05:11Z
0 likes, 0 repeats
@siguza That's great, just asked since it was not mentioned in the original post.Personally, chopsing the right ISP/Hosting provider is the most crucial part of mail-server hosting. Since basically everything boils down to how "clean" the subnet are
(DIR) Post #AclRxufwi8DrwvYjHk by siguza@infosec.exchange
2023-12-13T10:47:21Z
0 likes, 0 repeats
@selea I like how this is literally the email version of judging people by the colour of their skin.Again, this is not a technical problem. I've attached the message I got from gmail below. They tell me they've received "an unusual rate of unsolicited mail originating from your SPF domain". They're lying. I checked my outgoing mail logs, this was the first email sent to gmail in over 2 weeks. And anything trying to send in my name but not going through my mail server should surely fail due to SPF and DKIM.This is not a technical problem, it's a corporate politics problem where Gmail doesn't like any party that isn't paying them. There's hundreds of thousands of cases of this on the net, and the one "solution" that works for people is paying some big email provider.
(DIR) Post #AclYZNDi939Gv0b9NI by amiloradovsky@stereophonic.space
2023-12-13T12:01:22.866795Z
0 likes, 0 repeats
@siguza #SPF, #DKIM, etc. add nothing to the security, it's just another artificial hoop to jump through for those who dare to self-host e-mail; same as Oauth
(DIR) Post #AclbQW1OLuCVTIItUm by lopp@lopp.social
2023-12-13T12:11:33Z
0 likes, 1 repeats
@siguza@campuscodi I spent a decade as an engineer at an email service provider and this is my takeaway: https://blog.lopp.net/death-of-decentralized-email/
(DIR) Post #AclbYEsPyodUcAmzVg by paduser@bitbang.social
2023-12-13T06:22:53Z
0 likes, 0 repeats
@siguza gmail should get their own outgoing spam under control. I mainly get spam from gmail, hotmail and outlook.com addresses these days.Tried reporting them to gmail does nothing, abuse mails get ignored as well as the web form.
(DIR) Post #AclbYG5DUiT4M9mj68 by siguza@infosec.exchange
2023-12-13T06:27:55Z
0 likes, 0 repeats
@paduser I get like 80% from gmail, about 10% from some domain registered yesterday, and another 10% from domains like crgnbl.ak.zx.[some random domain of a small website that they probably hacked].
(DIR) Post #AclbYHsWorVTvNrcbA by siguza@infosec.exchange
2023-12-13T06:28:18Z
1 likes, 0 repeats
@paduser but lol why would gmail care about outgoing spam if they have a quasi-monopoly.
(DIR) Post #Aclfw02xAXRbO2Ioeu by selea@social.linux.pizza
2023-12-13T13:23:53Z
0 likes, 0 repeats
@siguza Sending emails over IPv6 has always been tricky, and the screenshot perfectly describes it. How long ago did you enable IPv6?
(DIR) Post #Aclg2juvXJONOBlJBI by selea@social.linux.pizza
2023-12-13T13:25:06Z
0 likes, 0 repeats
@siguza Btw, I am NOT blaming you for anything.I am just trying get a picture of the problem by asking those questions to people experiencing the problem.I have run my own emailserver for 10 years. So this is just curiosity
(DIR) Post #AclgVYQZKjue9WInSa by feld@bikeshed.party
2023-12-13T13:29:54.284271Z
0 likes, 0 repeats
@selea @siguza do any of the major providers (Google, outlook, ???) deliver over IPv6? When we turned on v6 at the ISP I worked at we had to remove it from all our MX because of this same issue -- v4 is blessed because of a long history of sender reputation, v6 is permanently on the naughty list
(DIR) Post #AclhL0ibuLmofFHFSq by siguza@infosec.exchange
2023-12-13T13:39:37Z
0 likes, 0 repeats
@selea I got IPv6 in mid-July 2021.
(DIR) Post #AcliwUOgcslbNbOQk4 by siguza@infosec.exchange
2023-12-13T13:42:58Z
0 likes, 0 repeats
@feld @selea the DMARC reports I get are mixed between IPv4 and IPv6. Sometimes only one type, sometimes both. So yeah, I'm pretty sure I can reach them over IPv6.
(DIR) Post #AcliwVAtjdKbn7wvtA by feld@bikeshed.party
2023-12-13T13:57:09.894430Z
0 likes, 0 repeats
@siguza @selea you can reach them, but I'm asking if they typically send email outbound over IPv6 by default. They certainly don't like it when you use it to deliver to *them*.
(DIR) Post #AcljeUIIN2aHnlNqWO by siguza@infosec.exchange
2023-12-13T14:04:32Z
0 likes, 0 repeats
@feld @selea connect from mail-ej1-x643.google.com[2a00:1450:4864:20::643]connect from mail-lj1-x22d.google.com[2a00:1450:4864:20::22d]So yes, they do initiate over IPv6 themselves.
(DIR) Post #AcljeV1Jfeb43ORnhA by feld@bikeshed.party
2023-12-13T14:05:23.341569Z
0 likes, 0 repeats
@siguza @selea so they're hypocrites as suspected 😵💫
(DIR) Post #Aclk0kOjB5hY7L0T8i by selea@social.linux.pizza
2023-12-13T14:09:34Z
0 likes, 0 repeats
@feld Indeed they are.This is the reason I stopped delivery over IPv6 to google and microsoft.I suspect that they dont trust ipv6-networks that much since basically everyone can get their own range for free.IPv4-only seems to do the trick (atleast for me and the orgs I have worked for)@siguza
(DIR) Post #AclkDS3ifl730NEonQ by feld@bikeshed.party
2023-12-13T14:11:43.056422Z
0 likes, 0 repeats
@selea @siguza this mirrors my past experience, but I've been away from email related duties for probably 7 years now.Sad to see nothing has changed...
(DIR) Post #AcpMJtBH7tdual9H0K by suqdiq@chaos.social
2023-12-14T23:00:58Z
0 likes, 0 repeats
@siguzaSo i guess if i used one of my work gmail accounts that has enterprise support to receive an email notification from you. Once i dont get one i could ask support to know why and ask to unblock maybe? @selea
(DIR) Post #AcpMJtvMMYVQtgi4ps by siguza@infosec.exchange
2023-12-15T07:50:59Z
0 likes, 0 repeats
@suqdiq @selea I feel like what would happen is that they would just blame it on me and tell you to contact me instead, and not give you any specific info. At most they'd probably repeat the line "an unusual rate of unsolicited mail".
(DIR) Post #AcpMJusCplZrqCF4Yi by selea@social.linux.pizza
2023-12-15T08:02:57Z
0 likes, 0 repeats
@siguza Actually, they dont just blame it.The times I have been in contact with them, they have actually take the time to investigate why and remove the block on the /24 network.MS on the other hand, have no idea why stuff happends@suqdiq
(DIR) Post #AcpMJyPzebO2pr4b8i by siguza@infosec.exchange
2023-12-15T07:54:33Z
0 likes, 0 repeats
@suqdiq @selea the problem here is that Google is too big to fail, and any of their customers need them way more than Google needs any of them. Re-Logic, the developer of Terraria, once had their Google account suspended without any justification, and they had to cancel Terraria for Stadia and publicly drag Google through the mud on social media and in the press for two months before they got their account back. Google doesn't give a shit about anyone, unless it's like... the size of the EU. Anything smaller is a rounding error to them.