From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 6F8F4138CCF for ; Mon, 11 May 2015 21:10:33 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5D602E0895; Mon, 11 May 2015 21:10:22 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 66C7FE0857 for ; Mon, 11 May 2015 21:10:21 +0000 (UTC) Received: from grubbs.orbis-terrarum.net (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 3EE3D340988 for ; Mon, 11 May 2015 21:10:20 +0000 (UTC) Received: (qmail 10766 invoked by uid 10000); 11 May 2015 21:10:20 -0000 Date: Mon, 11 May 2015 21:10:20 +0000 From: "Robin H. Johnson" To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Anti-spam changes: proposal to drop spammy mail Message-ID: References: <5550AE30.4060706@nerot.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <5550AE30.4060706@nerot.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-Archives-Salt: 63ab324c-12ac-477b-a883-f2e77678183e X-Archives-Hash: 94b4f4116c10b88043989d7145e3ae93 On Mon, May 11, 2015 at 03:27:12PM +0200, Charles Nérot wrote: > Lot of thing are done for fighting spam : dnssec, dane, spf, dkim, > dmarc... All of this for "trusting real sender". > Some of them break smtp built in fonctionnality : spf break forwarding [1]. DANE does nothing for spam, there are spammers that pass DNSSEC, DANE, DKIM, SPF. DMARC breaks mailing lists badly for domains with reject as their policy [1]. > If you beleive in spf (gentoo.org have an spf dns entry) , two ways need > to be looked at : > - fixing real sender with SRS [1]. SRS was NEVER approved to an RFC. Does Google actual handle it properly without violating DMARC? > - stop forwarding mail and do POP (gmail can do it) or IMAP from your > favorite (web)mail client. See prior in the thread, that this is NOT feasible for many users. > Dmarc dns entry with report activated can help you understand why google > blacklist you. We are NOT blacklisted. We are throttled, and there is a major difference there. A62D234090F 4425 Mon May 11 17:19:24 bugzilla-daemon@gentoo.org (host gmail-smtp-in.l.google.com[2607:f8b0:400e:c02::1a] said: 421-4.7.0 [2001:470:ea4a:1:214:c2ff:fe64:b2d3 15] Our system has detected 421-4.7.0 an unusual rate of unsolicited mail originating from your IP address. 421-4.7.0 To protect our users from spam, mail sent from your IP address has 421-4.7.0 been temporarily rate limited. Please visit 421-4.7.0 http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0 Email Senders Guidelines. k5si11246054pdl.3 - gsmtp (in reply to end of DATA command)) ${CENSORED}@gmail.com [1] I previously wrote about how this breaks lists: http://robbat2.dreamwidth.org/238457.html -- Robin Hugh Johnson Gentoo Linux: Developer, Infrastructure Lead E-Mail : robbat2@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85