When I previously replied, mentioning Gmail's infamous "silent discards" (at both send and receive ends), I didn't mention SPF/DKIM/DMARC yet, but now that this thread is moving away from Shaw being the likely culprit, I want to wholeheartedly endorse getting the whole SPF/DKIM/DMARC act together on these custom domains. That's what I've been doing for a number of years for customers and friends, and it has helped greatly. There will still be problems even after having perfect SPF/DKIM/DMARC triple-pass, due to the additional consumer-oriented algorithms, that many systems use (especially Gmail, once again), but it sure is a good major first step. One additional caveat, which I've been dealing with in the last 2+ years: If the initial receiving system is set up to forward incoming e-mail onward to additional addresses (most consumer systems have that feature), the forwarding mechanisms vary (including what they add to the header), and that sometimes breaks DKIM/DMARC and/or signatures that are computed on the original e-mail. Sometimes, different receiving servers give different treatments to the very same e-mail in such a case (I'm diagnosing such a case right now). These problems are the worst with consumer e-mail systems (Gmail, MS Mail, Yahoo, etc.) which, by consumer demand, err on the side of protecting the consumer with excessive rejections/discards, whereas biz/pro e-mail systems allow (at least optionally) all e-mail to be sent/received. Oh, and get ready for BIMI to join SPF/DKIM/DMARC. BIMI involves the authentication of logo/icon-type images in the signature of sent e-mails. Hartmut On Sun 01 Dec 2024 at 07:24:41 -06:00, Scott Toderash <scott@100percenthelpdesk.com<mailto:scott@100percenthelpdesk.com>> wrote: DMARC is a good suggestion. There are hundreds of domains so some are surely not set up correctly. I think we've reviewed the bigger/higher volume ones but that's something good to follow up on. I'll see what I can find out about cloudfilter.net, in case there is anything more to know about them. I'll see what more detail I can find from what happens with it this week. And, if all else, fails, read a book... That may be worthwhile too Adam. On 2024-11-30 23:56, Adam Thompson wrote:
I'll shill for a friend here: Michael W. Lucas, "Run Your Own Mailserver", Windmill Press, 2024. https://mwl.io/nonfiction/tools#ryoms It's not actually for anyone clueless, it has clues aplenty even for the clueful. -Adam
-----Original Message----- From: Trevor Cordes <trevor@tecnopolis.ca<mailto:trevor@tecnopolis.ca>> Sent: November 30, 2024 23:53 To: Scott Toderash <scott@100percenthelpdesk.com<mailto:scott@100percenthelpdesk.com>> Cc: Continuation of Round Table discussion <roundtable@muug.ca<mailto:roundtable@muug.ca>> Subject: [RndTbl] Re: shaw email blacklist
On 2024-11-29 Scott Toderash wrote:
No, my server is the smarthost for a bunch of other servers that I run. Various Shaw customers are the recipients. Regular folks. Totally out of my control.
I am not a Shaw customer at all. That's what makes this more difficult. They appear to have a private blacklist and I wish I could find out more about it.
Ah, so you're a server somewhere external to shaw just trying to get your emails through to people with @shaw email addresses, eh? Yes, now RBLs make more sense.
Are you getting blanket blocked by IP or just from-address blocked on certain domains you smarthost for? Or even just certain email addresses within a domain?
Bounce or drops?
Have you made sure you are passing all DMARC, SPF, DKIM? (See my presentation notes from May 7, 2024: https://muug.ca/meetings/23-24.html )
I do similar to you, at a pretty massive scale, and I've never noticed a problem with Shaw in particular. As all these companies (and their 3rd party providers) get stricter on DMARC/etc you may find RBL-like occurrences pop up -- but they are really DMARC/etc issues.
Note, it looks like shaw outsources MX to cloudfilter.net, so you could investigate what they are doing for RBL and what they are requiring for DMARC, etc. (Turning on DMARC reporting temporarily may help troubleshoot.) _______________________________________________ Roundtable mailing list -- roundtable@muug.ca<mailto:roundtable@muug.ca> To unsubscribe send an email to roundtable-leave@muug.ca<mailto:roundtable-leave@muug.ca>
Roundtable mailing list -- roundtable@muug.ca<mailto:roundtable@muug.ca> To unsubscribe send an email to roundtable-leave@muug.ca<mailto:roundtable-leave@muug.ca> _______________________________________________ Roundtable mailing list -- roundtable@muug.ca To unsubscribe send an email to roundtable-leave@muug.ca