When I previously replied, mentioning Gmail's infamous "silent discards" (at both send and receive ends), I didn't mention SPF/DKIM/DMARC yet, but now that this thread is moving away from Shaw being the likely culprit, I want to wholeheartedly endorse getting the whole SPF/DKIM/DMARC act together on these custom domains.

That's what I've been doing for a number of years for customers and friends, and it has helped greatly.  There will still be problems even after having perfect SPF/DKIM/DMARC triple-pass, due to the additional consumer-oriented algorithms that many systems use (especially Gmail, once again), but it sure is a good major first step.

One additional caveat, which I've been dealing with in the last 2+ years:  If the initial receiving system is set up to forward incoming e-mail onward to additional addresses (most consumer systems have that feature), the forwarding mechanisms vary (including what they add to the header), and that sometimes breaks DKIM/DMARC and/or signatures that are computed on the original e-mail.  Sometimes, different receiving servers give different treatments to the very same e-mail in such a case (I'm diagnosing such a case right now).

These problems are the worst with consumer e-mail systems (Gmail, MS Mail, Yahoo, etc.) which, by consumer demand, err on the side of protecting the consumer with excessive rejections/discards, whereas biz/pro e-mail systems allow (at least optionally) all e-mail to be sent/received.

Oh, and get ready for BIMI to join SPF/DKIM/DMARC.  BIMI involves the authentication of logo/icon-type images in the signature of sent e-mails.

Hartmut
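
The forwarding caveat in the message above, as an added example that is not part of the original thread: a small Python check that reads a receiver's `Authentication-Results` header and works out the DMARC verdict under relaxed alignment. The three header values are constructed samples, the function names are hypothetical, and the organizational domain is approximated as the last two labels (real DMARC uses the Public Suffix List).

```python
import re

def org_domain(domain):
    # Assumption: last two labels approximate the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_auth_results(header):
    """Return [(method, result, {property: value})] from a header value."""
    parsed = []
    for clause in header.split(";")[1:]:            # first part is the authserv-id
        clause = re.sub(r"\([^)]*\)", "", clause)   # drop parenthesised comments
        m = re.match(r"\s*(\w+)=(\w+)", clause)
        if not m:
            continue
        props = dict(re.findall(r"([\w.]+)=([^\s;]+)", clause[m.end():]))
        parsed.append((m.group(1).lower(), m.group(2).lower(), props))
    return parsed

def dmarc_verdict(header, from_domain):
    """DMARC passes if SPF or DKIM passes AND aligns with the From: domain."""
    want = org_domain(from_domain)
    spf_ok = dkim_ok = False
    for method, result, props in parse_auth_results(header):
        if result != "pass":
            continue
        if method == "spf":
            envelope = props.get("smtp.mailfrom", "").rsplit("@", 1)[-1]
            spf_ok |= org_domain(envelope) == want
        elif method == "dkim":
            dkim_ok |= org_domain(props.get("header.d", "")) == want
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}

# Constructed samples: same message, From: alice@shop.example
DIRECT = ("mx.receiver.example; spf=pass smtp.mailfrom=alice@shop.example; "
          "dkim=pass header.d=shop.example header.s=s1")
# Forwarded untouched: forwarder's IP fails SPF, original signature survives.
FORWARDED_INTACT = ("mx.final.example; spf=fail smtp.mailfrom=alice@shop.example; "
                    "dkim=pass header.d=shop.example header.s=s1")
# Forwarder rewrote the envelope sender and altered the message.
FORWARDED_MODIFIED = ("mx.final.example; spf=pass smtp.mailfrom=bounce@forwarder.example; "
                      "dkim=fail (body hash did not verify) header.d=shop.example")

if __name__ == "__main__":
    for name in ("DIRECT", "FORWARDED_INTACT", "FORWARDED_MODIFIED"):
        print(name, dmarc_verdict(globals()[name], "shop.example"))
```

In the third case SPF passes but for the forwarder's domain, so it does not align, and with the signature broken nothing is left to carry DMARC.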


On Sun 01 Dec 2024 at 07:24:41 -06:00, Scott Toderash <scott@100percenthelpdesk.com> wrote:
DMARC is a good suggestion. There are hundreds of domains so some are 
surely not set up correctly. I think we've reviewed the bigger/higher 
volume ones but that's something good to follow up on.

I'll see what I can find out about cloudfilter.net, in case there is 
anything more to know about them.

I'll see what more detail I can find from what happens with it this 
week.

And, if all else fails, read a book... That may be worthwhile too, Adam.



On 2024-11-30 23:56, Adam Thompson wrote:
> I'll shill for a friend here:  Michael W. Lucas, "Run Your Own 
> Mailserver", Windmill Press, 2024.
> https://mwl.io/nonfiction/tools#ryoms
> It's not actually for anyone clueless, it has clues aplenty even for 
> the clueful.
> -Adam


> -----Original Message-----
> From: Trevor Cordes <trevor@tecnopolis.ca>
> Sent: November 30, 2024 23:53
> To: Scott Toderash <scott@100percenthelpdesk.com>
> Cc: Continuation of Round Table discussion <roundtable@muug.ca>
> Subject: [RndTbl] Re: shaw email blacklist

> On 2024-11-29 Scott Toderash wrote:
>> No, my server is the smarthost for a bunch of other servers that I
>> run. Various Shaw customers are the recipients. Regular folks.
>> Totally out of my control.
>> 
>> I am not a Shaw customer at all. That's what makes this more
>> difficult. They appear to have a private blacklist and I wish I could
>> find out more about it.

> Ah, so you're a server somewhere external to shaw just trying to get
> your emails through to people with @shaw email addresses, eh?  Yes, now
> RBLs make more sense.

> Are you getting blanket blocked by IP or just from-address blocked on
> certain domains you smarthost for?  Or even just certain email
> addresses within a domain?

> Bounce or drops?

> Have you made sure you are passing all DMARC, SPF, DKIM?  (See my
> presentation notes from May 7,
> 2024: https://muug.ca/meetings/23-24.html )

> I do similar to you, at a pretty massive scale, and I've never noticed
> a problem with Shaw in particular.  As all these companies (and their
> 3rd party providers) get stricter on DMARC/etc you may find RBL-like
> occurrences pop up -- but they are really DMARC/etc issues.

> Note, it looks like shaw outsources MX to cloudfilter.net, so you could
> investigate what they are doing for RBL and what they are requiring for
> DMARC, etc.  (Turning on DMARC reporting temporarily may help
> troubleshoot.)
> _______________________________________________
> Roundtable mailing list -- roundtable@muug.ca
> To unsubscribe send an email to roundtable-leave@muug.ca