Hi, Chris Murphy <lists@xxxxxxxxxxxxxxxxx>: > FYI, gmail puts your emails in spam for the following reason: > Why is this message in Spam? It has a from address in yahoo.com.au but > has failed yahoo.com.au's required tests for authentication. That's particularly odd, since to send emails using this address, I actually post them through Yahoo's SMTP server, and it demands that I login and authenticate (and every now and then they screw that up, by changing how I do that - different ports, protocols). So, Yahoo ought to be relaying that message with good headers (for want of a better description). To post to a yahoo smtp server, I have to set Evolution to connect to port 465 (at the moment, this has changed over time) using SSL, and supply a username and password (at the moment, the username is the bit left of the @ sign, not the whole email address, but I seem to recall that has changed, over time, and had to be discovered by experiment, because their own instructions were crap). If that doesn't tell yahoo that I am the right person to send an email coming from the address that I'm using, I don't know what else will do any better. > I'm seeing an increase in list emails dumped into spam with the same > kind of message. I'm not sure what's failed, this is the best clue I > have: > > Received-SPF: pass (google.com: domain of > users-bounces@xxxxxxxxxxxxxxxxxxxxxxx designates 209.132.181.2 as > permitted sender) client-ip=209.132.181.2; > Authentication-Results: mx.google.com; > spf=pass (google.com: domain of > users-bounces@xxxxxxxxxxxxxxxxxxxxxxx designates 209.132.181.2 as > permitted sender) smtp.mailfrom=users-bounces@xxxxxxxxxxxxxxxxxxxxxxx; > dmarc=fail (p=REJECT dis=NONE) header.from=yahoo.com.au Have you checked the IP isn't on a blacklist? Is the bounce address supposed to be authenticated in some way? Are the Fedora SPF records in order? Is gmail being particularly dumb about list mail (being stupid about the plethora of different "from" addresses from all the participants)? I'm not convinced that SPF is all that it's cracked up to be. I still get the odd spam that's supposedly checked and okay. As well as mail passed through various systems, without being stopped, despite having headers declaring it as unverified or even some kind of outright violation. I have my own domain, and supposedly I ought to configure things to make use of SPF, but the instructional info is incomprehensible. Not to mention, the additional headache in trying to work out how to do that through my website and mail hosting company interface (with an unknown number of other members sharing IPs thanks to virtual name-based hosting). Sure, it comes with CPanel (unless that's changed since I last looked), which is supposed to do a lot of the grunt work for you, but I have no idea what it's really going to do whenever you play with the interface. Will it do the job right? Will it do it in a secure manner, or will it do it insecurely just to make it easier. I have little faith with these configurator things. And I have little faith in anti-spam systems, in general. After losing touch with someone, I (eventually) found out that: (a) My mails were erroneously being declared to spam (heck knows why, because I don't do anything that's remotely like spam that could possibly accidentally become a false positive). (b) That they couldn't be stuffed doing anything about it. And I'm sure that's the attitude of a lot of people; it's all too hard, so bury their head in the sand. The same kind of people who make websites unusable, then say that they get "no complaints," blithely glossing over the fact that they made it impossible to register a complaint. (c) Even those that cared enough to try and fix it, many would be incapable of doing so. I gave up trying to use anti-spam systems, myself, long ago, (because of any false positive being one too many, and the continual manual tweaking being more painful than just hitting the delete key twice a day) and concentrated on taking steps to not receive spam, in the first place. If I have to keep checking a spam box, what's the point of using it. It's *easier* just to check one inbox, it's been much more effective. The chief step being to post to this list using an address that's inbox auto-deletes everything without a special password, and to receive messages using a second address that isn't publicly exposed on this list. Long, long, ago, I found that posting to mailing lists was the main way to get spam, addresses are harvested from them en-masse. Stop exposing your address, and don't use ones that get easily spammed by random dictionary attacks, and your spam dwindles significantly. I also found out that uploading a PGP key to a public server is another way to receive spam, someone automatically spams addresses they harvest from them. I could test this rapidly, upload a new key, get spam from it within a day (permanent ongoing spam, every day, until I do something about it). Delete an address from a key, and it stops receiving spam within a couple of days, and stays that way. The only anti-spam technique I ever had any faith in was using a honeypot address. Any duplicates of mail received by it, in my other accounts, will be 100% spam, and can be killed without any worries. That was relatively easy to implement if I run a mailserver on my own computer, but much harder to do with externally hosted mail services, and impossible if the different mail accounts weren't on the same mail service, other than drag in all external mail, and process the lot on my own server. But, for some people, that can mean dragging in megabytes of spam mail, where you wanted to avoid that entirely. -- tim@localhost ~]$ uname -rsvp Linux 3.19.8-100.fc20.i686 #1 SMP Tue May 12 17:42:35 UTC 2015 i686 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: http://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
