On Wed, Dec 30, 2020 at 11:35 AM Peter Corlett via cctalk <cctalk at classiccmp.org> wrote:

> On Wed, Dec 30, 2020 at 10:13:40AM -0500, Bill Degnan via cctalk wrote:
> [...]
>> Attempting to pull in this thread a tad, there are relatively simple
>> measures that can be taken to bring a private mail server into compliance
>> with gmail, Amazon, Microsoft level mail server protocol and
>> authentication.
>
> You have failed to explain why I should make any effort at all to jump
> through random hoops set up by FAANG which seem to change on a weekly basis
> and where doing so offers no guarantee of success.
>
>> It's not just gmail. The simplest measures are done with DNS and TLS. Most
>> of the mail that I see routinely falling into spam folder is from what
>> appears to be spoofed domains. Many of these are legit messages
>
> ... so therefore they are not actually spoofed.
>
>> [...] that don't have a properly configured DNS record,
>
> I already have properly-configured DNS for mail: an MX record.
>
>> preventing the receiving server from authenticating the FROM domain as
>> owned by the sender.
>
> SMTP is an unauthenticated protocol. Further, the futile attempts to bodge
> authentication on to it with the likes of SPF and DKIM do not actually help
> at all with spam. Until I just added them to my blacklist of pink providers
> whose mail is unconditionally rejected, Google was quite happy to unleash a
> firehose of spam at my server, all nicely DKIM-signed to tell me it came
> from Google like I couldn't have already figured that out from the IP
> address.
>
>> A simple fix.
>
> So, what simple fix is this?
>
> SPF is extremely broken by design. The only useful configuration is a short
> PASS list of valid-sender IP addresses and a FAIL of everything else (e.g.
> "v=spf1 ip4:10.20.30.40 a -all"). This requires ensuring that you can
> chokepoint all mail through those hosts, which is not always easy to
> arrange.
>
> DKIM attempts to "fix" SPF by adding cryptography, thus adding rather a lot
> of extra complexity and CPU usage. This means that classic computers can no
> longer send email, because they don't have enough grunt to overcome this
> artificial barrier. It makes mail rather brittle and tends to break mailing
> lists in an even more spectacular manner than SPF. Just to liven things up
> a bit, DKIM is also patent-encumbered.
>
> Then there's ARC which attempts to mitigate various deliverability problems
> caused by DKIM making mail more brittle. No doubt further layers of gaffer
> tape will follow when that breaks something.
>
> And to what end? So the odds of a hypothetical message sent to a GMail user
> ending up in their spam folder drops from 99% to 98%? Here's a nickel kid,
> get yourself a better mail provider.

I did not expect everyone to agree with me, I just wanted to point out that
the same few domains keep ending up in the SPAM folder of gmail. Here is a
useful article that explains some of the issues and how to tackle them.
Ignore for whatever reason and your messages are lost. More people use
gmail than any other mail platform. In one's younger years technical
challenges are met with less abstinence. It's hard to keep up with the
times but the times they are a changing.
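
Added example, not part of either poster's message: a small evaluator for the SPF record quoted in the thread ("v=spf1 ip4:10.20.30.40 a -all"), showing how a receiver walks the mechanisms left to right and why mail that leaves through any host outside the pass list ends in a hard fail. The domain `example.org`, its A record and the relay address 192.0.2.25 are constructed for illustration, and only the `ip4`, `a` and `all` mechanisms are implemented.

```python
import ipaddress

# Constructed A records standing in for DNS so the example runs offline.
A_RECORDS = {"example.org": ["10.20.30.41"]}

# SPF qualifier prefix -> result when the mechanism matches (default is "+").
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

RECORD = "v=spf1 ip4:10.20.30.40 a -all"  # the record quoted in the thread


def check_spf(record, sender_ip, domain, a_records=A_RECORDS):
    """Evaluate the ip4, a and all mechanisms of an SPF record in order."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            try:
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix
        elif name == "a":
            # Bare "a" means the sending domain's own A records.
            hosts = a_records.get(arg or domain, [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        else:
            return "permerror"  # outside the subset this example handles
        if matched:
            return QUALIFIERS[qualifier]  # first match decides the result
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    # Listed host, the domain's A record, then an unlisted relay (constructed).
    for sender in ("10.20.30.40", "10.20.30.41", "192.0.2.25"):
        print(sender, check_spf(RECORD, sender, "example.org"))
```

The third address stands in for any host the domain owner did not route mail through, which is the "chokepoint" requirement the quoted message describes.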