Hi,
I run two very low traffic Mailman lists on my Linode. This morning one of them got an Email, and that's when I found out thanks to Comcast that my IP is on Cloudmark's blacklist. Naturally I've sent in a reset request using the form linked from the Comcast error message, and am still waiting to be removed. A few days ago I sent to a Comcast customer with no problem.
I've resolved the problem sending to Comcast by enabling my server to send using IPv6. This required me to have Linode allocate me my own /64 since my default IPv6 address was in a /64 blocked by Spamhaus XBL/CSS lists.
Does anyone know if Cloudmark blocks entire IP ranges or just individual addresses? I don't know why my IP is on Cloudmark's list, as most of the Email I send is personal in nature, to people I have corresponded with for years. I've used multiple RBL check tools, and everything has come back negative, except that my entire subnet is on Spamgrouper.to (checked by running a check on a neighboring IP). I have SPF, DKIM, and DMARC set up.
I'm getting really tired of these unexplained blacklistings. Does anyone know of any reliable outgoing Email service providers? Ideally I want to continue to handle my own incoming Email because I don't want someone else's spam blocking software deciding what Emails I receive.
Thanks,
Jayson
On Fri, 15 Mar 2024 22:17:55 -0400 Jayson Smith <jaybird@bluegrasspals.com> wrote:
I'm getting really tired of these unexplained blacklistings. Does anyone know of any reliable outgoing Email service providers? Ideally I want to continue to handle my own incoming Email because I don't want someone else's spam blocking software deciding what Emails I receive.
From what I can tell, you can reliably send to Microsft/Google/AOL/Yahoo, or you can reliably send to people who run their own mail servers. There seems to be "no in between." The closest I can see is ProtonMail, but that would probably need to have a lot of stuff setup to make work. ProtonMail doesn't violate the protocols like the big huge companies do, and it's big enough that the big huge companies can't just dump the mail into spam. I'd *love* to have a better answer, but really so much of the mail that I get sent to me gets filtered into spam, because they are using something like mailgun. Or... Google.
Jayson Smith writes:
I'm getting really tired of these unexplained blacklistings. Does anyone know of any reliable outgoing Email service providers?
What do you mean by that? Gmail for example allows you (or did allow you 18 months ago) to validate an alternate address through the usual "can you read this mail and send back a cookie" dance, and use those validated addresses in From.
Unfortunately, in my experience at least Gmail won't allow you to use a non-gmail address in From unless you're using their app or browser client. Authenticated SMTP to port 587 doesn't cut it for whatever reason. The best I could figure out was sending through eg gmail using From: me@gmail.com and setting Reply-To.
Ideally I want to continue to handle my own incoming Email because I don't want someone else's spam blocking software deciding what Emails I receive.
I don't know of freemail who allows that, unfortunately. The closest I know of is Google, as above.
Hi,
What I mean is that I'd love to find a good, reliable smarthost I can direct my SMTP server on my VPS to use. I've heard knowledgeable friends say over and over and over again, "Anyone who runs their own Email server is just asking for trouble, it's not worth it any more." The real problem I'm seeing is that seemingly within the last few years, at least some VPS providers (Linode and Digital Ocean for sure) have started getting entire IP ranges put on blocklists. My first experience of being put on UCEPROTECT level 3 was on January 20, 2021, and a few weeks ago my IP wound up on UCEPROTECT level 2. Yes, I know how the UCEPROTECT lists work, but the point is that I never used to find my IP on those lists, but now it happens every few months. I have to think something has happened to cause more spammers to use these providers.
As for incoming Email, I'd like for my own SMTP server to be able to continue handling it. The reason is that I don't want some other Email provider's spam blocking software deciding what I get to see. I have some incoming spam control measures in place for specific Email addresses that tend to receive a lot of spam, but for me and my family members, everything gets through. Yes this means we get incoming spam that comes our way, but it also means we don't have to worry about an important incoming message going missing because it was sent to the spam folder or silently discarded.
Thanks for any thoughts,
Jayson
On 3/16/2024 5:26 AM, Stephen J. Turnbull wrote:
Jayson Smith writes:
I'm getting really tired of these unexplained blacklistings. Does anyone know of any reliable outgoing Email service providers?
What do you mean by that? Gmail for example allows you (or did allow you 18 months ago) to validate an alternate address through the usual "can you read this mail and send back a cookie" dance, and use those validated addresses in From.
Unfortunately, in my experience at least Gmail won't allow you to use a non-gmail address in From unless you're using their app or browser client. Authenticated SMTP to port 587 doesn't cut it for whatever reason. The best I could figure out was sending through eg gmail using From: me@gmail.com and setting Reply-To.
Ideally I want to continue to handle my own incoming Email because I don't want someone else's spam blocking software deciding what Emails I receive.
I don't know of freemail who allows that, unfortunately. The closest I know of is Google, as above.
Jayson Smith writes:
What I mean is that I'd love to find a good, reliable smarthost I can direct my SMTP server on my VPS to use.
You could try some of the services listed here: Hosting: https://wiki.list.org/COM/Mailman%20hosting%20services Consulting: https://wiki.list.org/COM/Mailman%20consulting%20services They might have a better idea or offer exactly the service you want.
Otherwise, I think you kinda have to move your VPS to the service you want to use, and on top of the monthlies for running a server they'll charge you for email volume. AWS SES for example is 10,000 emails for $1 billed monthly, and there's a throughput charge as well but that too is probably negligible unless you're mailing videos. They do promise an IP with a clean reputation and they bonk your neighbors (and you) automatically for sending more than a tiny amount of spam, so I'd expect it to stay that way. FWIW ....
The real problem I'm seeing is that seemingly within the last few years, at least some VPS providers (Linode and Digital Ocean for sure) have started getting entire IP ranges put on blocklists.
This is nothing new. Effort-minimizing admins have been blocking whole netblocks for well over a decade. I think one new aspect is that non-admins have borrowed the technique of mass-reporting to try to shut down all aspects of an individual's or organization's Internet presence. I wouldn't block at the SMTP CONNECT level based on IP or domain alone for the reasons you give for running your own smtpd, and I doubt Google or Microsoft do. But I know a lot of admins who do.
I don't know what to do about it. I think my own server at my university got on Microsoft's bad side once, but it got better fairly quickly. I did contact Microsoft but I don't know if it had anything to do with getting off their blocklist, the only reply I got was a 'bot saying thank you for contacting Microsoft, check this link. I don't think they have their best minds working on the problem. Instead they get customers by being too big to block, is my guess.
Hi,
Comcast/Charter (found out about that one Saturday night when trying to reply to a legit individual message) both reject the message as soon as a blocked server connects, you don't even get to say HELO. Microsoft, when they decide you're evil and put you on their internal blacklist, reject after Mail from:. I find these rejections quite annoying, because clearly this means their spam analytics software is missing out on a lot of details that could help them make a more informed decision about whether to accept the message. Are my SPF and DKIM in order? (Yes I know spammers can and probably often do also have good SPF and DKIM but it's just one factor.) Is the message to a valid recipient? Does the content look spammy, as whatever their AI systems are would define spammy? Does my sending domain have a good reputation with this provider? Am I sending to someone I've sent messages deemed non-spammy to in the past? Am I perhaps replying to a message from this person which their software can, if they choose to, objectively prove was sent to me through their servers by that person?
But oh no, if your IP is on one of the blacklists we check, we won't just consider that a factor in delivery decisions, this means you must be totally evil and we're not even going to let you talk to us at all, even if it was your evil neighbors that got your entire IP range on that list. Go away and don't come back until you've solved your spam problem that probably isn't even your problem. Goodbye!
Jayson
On 3/18/2024 8:54 AM, Stephen J. Turnbull wrote:
Jayson Smith writes:
What I mean is that I'd love to find a good, reliable smarthost I can direct my SMTP server on my VPS to use.
You could try some of the services listed here: Hosting: https://wiki.list.org/COM/Mailman%20hosting%20services Consulting: https://wiki.list.org/COM/Mailman%20consulting%20services They might have a better idea or offer exactly the service you want.
Otherwise, I think you kinda have to move your VPS to the service you want to use, and on top of the monthlies for running a server they'll charge you for email volume. AWS SES for example is 10,000 emails for $1 billed monthly, and there's a throughput charge as well but that too is probably negligible unless you're mailing videos. They do promise an IP with a clean reputation and they bonk your neighbors (and you) automatically for sending more than a tiny amount of spam, so I'd expect it to stay that way. FWIW ....
The real problem I'm seeing is that seemingly within the last few years, at least some VPS providers (Linode and Digital Ocean for sure) have started getting entire IP ranges put on blocklists.
This is nothing new. Effort-minimizing admins have been blocking whole netblocks for well over a decade. I think one new aspect is that non-admins have borrowed the technique of mass-reporting to try to shut down all aspects of an individual's or organization's Internet presence. I wouldn't block at the SMTP CONNECT level based on IP or domain alone for the reasons you give for running your own smtpd, and I doubt Google or Microsoft do. But I know a lot of admins who do.
I don't know what to do about it. I think my own server at my university got on Microsoft's bad side once, but it got better fairly quickly. I did contact Microsoft but I don't know if it had anything to do with getting off their blocklist, the only reply I got was a 'bot saying thank you for contacting Microsoft, check this link. I don't think they have their best minds working on the problem. Instead they get customers by being too big to block, is my guess.
On 3/18/24 09:46, Jayson Smith wrote:
Hi,
Comcast/Charter (found out about that one Saturday night when trying to reply to a legit individual message) both reject the message as soon as a blocked server connects, you don't even get to say HELO. Microsoft, when they decide you're evil and put you on their internal blacklist, reject after Mail from:. I find these rejections quite annoying, because clearly this means their spam analytics software is missing out on a lot of details that could help them make a more informed decision about whether to accept the message.
That's the point of rejecting on HELO: you don't download megabytes of content and waste CPU cycles trying to make sense of it. It's a feature-not-a-bug.
Dima
Jayson Smith writes:
Comcast/Charter (found out about that one Saturday night when trying to reply to a legit individual message) both reject the message as soon as a blocked server connects,
Comcast is really bad for any number of reasons. Unfortunately, if I remember correctly they're effectively a monopoly ISP for broadband in parts of the country. Never heard of Charter.
Microsoft, when they decide you're evil and put you on their internal blacklist, reject after Mail from:.
That's bizarre. Even though I have no respect for the morals or technology of Microsoft "security" in the broadest sense, the only sensible reason for blocking at that point (rather than connect or HELO) I can think of is that they do a lookup on the SPF record for the domain in MAIL FROM and block based on "From alignment". I assume you've checked and rechecked that, but if not, check your SPF record.
I find these rejections quite annoying, because clearly this means their spam analytics software is missing out on a lot of details that could help them make a more informed decision about whether to accept the message.
The quantity of spam that they're handling is mind-boggling. In 2014, the head of email security at Yahoo (who is very good; disclaimer, she gave me a kitten many decades ago :-) reported to the DMARC working group at IETF that after a different department leaked half a billion contact lists to spammers (who used them for "recommended by a friend" spam), they were facing sustained campaigns of more than 1 million spams per minute. In that context, finding ways to block on connect makes sense.
What I don't understand is why they don't use rate-limiting techniques where possible (ie, if they're not being DOS'ed). For example, at first contact, temporary failure for 15 minutes. Upon retry (which typically will take 4 hours in most MTAs' default configuration), it's accepted and if not spam, it's delivered to the recipient(s) and the source whitelisted. If it *is* spam, you go back on the greylist with longer and longer delays as a higher proportion of spam is detected. If no legit mail is found, eventually you go on the blacklist.
But oh no, if your IP is on one of the blacklists we check,
I doubt the folks who provide email as an opt-in service (Gmail, Microsoft) take RBLs very seriously. They're in the business of profiling traffic, and it makes sense and dollars to profile everybody, customers and non-customers. That's the only way I can make sense of the way sometimes Microsoft will magically unblock you after stonewalling for days or weeks.
The ISPs who provide email because that's what ISPs do aka Comcast I wouldn't be surprised, though.
Go away and don't come back until you've solved your spam problem that probably isn't even your problem. Goodbye!
Unfortunately email addresses aren't portable, although it wouldn't be hard to make them so. Sure, many customers would stick with their ISP mailboxes despite losing mail, but for people willing to invest in better service the big cost to switching email providers is getting their correspondents to update contact lists.
Steve
Jayson,
I'm not sure I'm fully knowledgeable enough in this matter to help, but maybe...
For my Mastodon VPS I use sendpulse.com as the outgoing SMTP server. They have a surprisingly high threshold of free outbound SMTP messages they allow per month before asking you for a paid plan. So far, I have had no problem with blocked messages, so you might try them?
FYI -- This is a company based in Ukraine with their servers in Germany, so not sure what happens if Russia makes further strides in the war.
-- Michael
*Michael Reeder, LCPC * *Hygeia Counseling Services : Baltimore / Mt. Washington Village location* *410-871-TALK / michael(at)hygeiacounseling.com*
On 3/16/2024 11:10 AM, Jayson Smith wrote:
Hi,
What I mean is that I'd love to find a good, reliable smarthost I can direct my SMTP server on my VPS to use. I've heard knowledgeable friends say over and over and over again, "Anyone who runs their own Email server is just asking for trouble, it's not worth it any more." The real problem I'm seeing is that seemingly within the last few years, at least some VPS providers (Linode and Digital Ocean for sure) have started getting entire IP ranges put on blocklists. My first experience of being put on UCEPROTECT level 3 was on January 20, 2021, and a few weeks ago my IP wound up on UCEPROTECT level 2. Yes, I know how the UCEPROTECT lists work, but the point is that I never used to find my IP on those lists, but now it happens every few months. I have to think something has happened to cause more spammers to use these providers.
As for incoming Email, I'd like for my own SMTP server to be able to continue handling it. The reason is that I don't want some other Email provider's spam blocking software deciding what I get to see. I have some incoming spam control measures in place for specific Email addresses that tend to receive a lot of spam, but for me and my family members, everything gets through. Yes this means we get incoming spam that comes our way, but it also means we don't have to worry about an important incoming message going missing because it was sent to the spam folder or silently discarded.
Thanks for any thoughts,
Jayson
On 3/16/2024 5:26 AM, Stephen J. Turnbull wrote:
Jayson Smith writes:
> I'm getting really tired of these unexplained blacklistings. Does > anyone know of any reliable outgoing Email service providers?
What do you mean by that? Gmail for example allows you (or did allow you 18 months ago) to validate an alternate address through the usual "can you read this mail and send back a cookie" dance, and use those validated addresses in From.
Unfortunately, in my experience at least Gmail won't allow you to use a non-gmail address in From unless you're using their app or browser client. Authenticated SMTP to port 587 doesn't cut it for whatever reason. The best I could figure out was sending through eg gmail using From: me@gmail.com and setting Reply-To.
> Ideally I want to continue to handle my own incoming Email because > I don't want someone else's spam blocking software deciding what > Emails I receive.
I don't know of freemail who allows that, unfortunately. The closest I know of is Google, as above.
Jayson,
The top blog post on this site is currently on the topic of getting Gmail and others to accept self-hosted email:
Looks like Jerry uses Mailgun.
Michael Reeder Michael@hygeiacounseling.com Baltimore, MD
On April 14, 2024 11:48:20 AM EDT, Michael Reeder -- Hygeia MS <michael@securemail.hygeiacounseling.com> wrote:
Jayson,
I'm not sure I'm fully knowledgeable enough in this matter to help, but maybe...
For my Mastodon VPS I use sendpulse.com as the outgoing SMTP server. They have a surprisingly high threshold of free outbound SMTP messages they allow per month before asking you for a paid plan. So far, I have had no problem with blocked messages, so you might try them?
FYI -- This is a company based in Ukraine with their servers in Germany, so not sure what happens if Russia makes further strides in the war.
-- Michael
*Michael Reeder, LCPC * *Hygeia Counseling Services : Baltimore / Mt. Washington Village location* *410-871-TALK / michael(at)hygeiacounseling.com*
On 3/16/2024 11:10 AM, Jayson Smith wrote:
Hi,
What I mean is that I'd love to find a good, reliable smarthost I can direct my SMTP server on my VPS to use. I've heard knowledgeable friends say over and over and over again, "Anyone who runs their own Email server is just asking for trouble, it's not worth it any more." The real problem I'm seeing is that seemingly within the last few years, at least some VPS providers (Linode and Digital Ocean for sure) have started getting entire IP ranges put on blocklists. My first experience of being put on UCEPROTECT level 3 was on January 20, 2021, and a few weeks ago my IP wound up on UCEPROTECT level 2. Yes, I know how the UCEPROTECT lists work, but the point is that I never used to find my IP on those lists, but now it happens every few months. I have to think something has happened to cause more spammers to use these providers.
As for incoming Email, I'd like for my own SMTP server to be able to continue handling it. The reason is that I don't want some other Email provider's spam blocking software deciding what I get to see. I have some incoming spam control measures in place for specific Email addresses that tend to receive a lot of spam, but for me and my family members, everything gets through. Yes this means we get incoming spam that comes our way, but it also means we don't have to worry about an important incoming message going missing because it was sent to the spam folder or silently discarded.
Thanks for any thoughts,
Jayson
On 3/16/2024 5:26 AM, Stephen J. Turnbull wrote:
Jayson Smith writes:
> I'm getting really tired of these unexplained blacklistings. Does > anyone know of any reliable outgoing Email service providers?
What do you mean by that? Gmail for example allows you (or did allow you 18 months ago) to validate an alternate address through the usual "can you read this mail and send back a cookie" dance, and use those validated addresses in From.
Unfortunately, in my experience at least Gmail won't allow you to use a non-gmail address in From unless you're using their app or browser client. Authenticated SMTP to port 587 doesn't cut it for whatever reason. The best I could figure out was sending through eg gmail using From: me@gmail.com and setting Reply-To.
> Ideally I want to continue to handle my own incoming Email because > I don't want someone else's spam blocking software deciding what > Emails I receive.
I don't know of freemail who allows that, unfortunately. The closest I know of is Google, as above.
Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-leave@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: michael@hygeiacounseling.com
participants (6)
-
Dmitri Maziuk -
Jayson Smith -
Jigme Datse -
Michael Reeder -- Hygeia MS -
Michael Reeder LCPC
-
Stephen J. Turnbull