After nearly drowning in an alphabet soup of anti-spam acronyms whilst trying to explain to a customer why email forwarding doesn't work, Kelduum decided to let off steam on our blog. https://www.mythic-beasts.com/blog/2025/01/29/the-death-of-email-forwarding/
=> More informations about this toot | More toots from beasts@social.mythic-beasts.com
@beasts I've lived with this increasing acronym soup for email deliverability, the biggest issue I have is there is no way to contact email providers anymore as a sender, Google, Microsoft, Apple just ignore any problems. So sorting issues is 100% down to the smaller providers guessing the issue.
=> More informations about this toot | More toots from Extelec@mstdn.social
@Extelec @beasts Google, Microsoft and Apple just do not want smaller email providers to even exist.
So they'll do anything they can to stop them. Ignoring reports is the least one can expect, why would they do anything to help you when they are trying to stop you?
(And yes, I operate several small mail servers, I know exactly what we are up against).
=> More informations about this toot | More toots from Uilebheist@polyglot.city
@Uilebheist @beasts 100% agree.
=> More informations about this toot | More toots from Extelec@mstdn.social
@Extelec we feel your pain. If a mail goes missing in our system, it's our problem. If a mail goes missing after delivery to Gmail/Microsoft/whoever, it's our problem.
=> More informations about this toot | More toots from beasts@social.mythic-beasts.com
@beasts yes, and WE actually talk to our customers 😀
=> More informations about this toot | More toots from Extelec@mstdn.social
^^^ something for security-wg @natural20
@beasts
=> More informations about this toot | More toots from becha@v.st
@beasts Hmm, that probably rules out me forwarding family member’s email to their gmail or similar mailboxes to save on my storage then!
=> More informations about this toot | More toots from jmb@mastodon.me.uk
@jmb for Gmail, pull via POP3/IMAP works well enough, although a bit more fiddly to set up. And it should empty the inbox each time, so only briefly using storage on your account.
=> More informations about this toot | More toots from beasts@social.mythic-beasts.com
@beasts having read this, I'm now interested in reading a hypothetical companion blog post about best practice on how I should configure my DNS records relating to email.
=> More informations about this toot | More toots from Scmbradley@mathstodon.xyz
@beasts I've got exactly the situation you describe, with a small organisation wanting generic addresses for positions. We've settled on an external mailing list provider for now, but still sometimes have deliverability issues, and it costs us extra. Email forwarding has become our nemesis!
=> More informations about this toot | More toots from iainhallam@mstdn.social
@beasts This is a pain I know only too well. And of course, small mail providers are the only ones who have customer service now... not that we can give very good answers when the big players refuse to engage.
Embrace, extend, extinguish...
=> More informations about this toot | More toots from philpem@digipres.club
@beasts I propose a unified scheme where we deal with all email problems by simply pasting a chunk of line noise into a TXT record. The advantage here is predictability: the problem will be exactly the same afterwards rather than becoming a slightly different problem.
=> More informations about this toot | More toots from raynerlucas@mastodon.social
@beasts AFAIK DMARC doesn't normally require that the envelope sender passes SPF if From: is DKIM signed by the domain of the From: (what 'alignment' normally means in this context). We (a university department) successfully forward a lot of DKIM signed email to GMail despite not touching the envelope sender (so no SPF passing).
(People can creatively make their email non-forwardable (at least not easily) by having a narrow SPF and then no DKIM signature.)
=> More informations about this toot | More toots from cks@mastodon.social
@cks yes, for DMARC you need an aligned SPF pass OR a DKIM pass. If you're forwarding, the former isn't going to happen, so you're reliant on DKIM. Sensible people don't enable strict DMARC policies without first ensuring that they're DKIMing everything, so that shouldn't be an issue, but forwarding mail that isn't DKIM signed (and lots still isn't) is unlikely to be reliable, even if the sender hasn't explicitly said "p=reject".
=> More informations about this toot | More toots from beasts@social.mythic-beasts.com
@beasts Yes, definitely non-DKIM email doesn't forward reliably even without DMARC policies. We've seen GMail reject non-DKIM signed email without an explicit DMARC policy on the domain; they seem to basically infer one. This isn't RFC compliant but they're the 800-kilo gorilla, what are we going to do.
=> More informations about this toot | More toots from cks@mastodon.social
@cks sadly, "you'll have to ask Google why they threw your mail away" is rarely the answer people are looking for 🙂
=> More informations about this toot | More toots from beasts@social.mythic-beasts.com
@cks @beasts Depends where the mail is coming from, I guess. Many senders have a strict SPF policy and no DMARC, and even though large providers may not refuse the mail outright it will probably be tagged as spam.
=> More informations about this toot | More toots from nono@pleroma.oook.fr
@cks @beasts yeah the description of DMARC alignment here seems to be just flat out wrong
=> More informations about this toot | More toots from erincandescent@erincandescent.net
@erincandescent @cks RFC7489 says "Identifier Alignment: When the domain in the RFC5322.From address matches a domain validated by SPF or DKIM (or both), it has Identifier Alignment."
The bit where we discuss alignment is only talking about SPF because it's in the context of why SRS doesn't help with DMARC. For SPF, alignment means envelope sender matches From (which it won't with SRS). For DKIM it means "d=" parameter matches From (which is normal)
=> More informations about this toot | More toots from beasts@social.mythic-beasts.com
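The alignment rules discussed in the posts above, worked through for direct and forwarded mail as an added example (not part of the thread or the linked blog post). The `Message` fields, the `.example` domains and the tiny public-suffix set are constructed assumptions; SPF and DKIM results are taken as inputs rather than verified.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the Public Suffix List; a real evaluator loads the full list.
PUBLIC_SUFFIXES = {"example", "com", "uk", "co.uk"}

def org_domain(domain: str) -> str:
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # i = 0 tries the longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def aligned(auth_domain: str, from_domain: str, strict: bool = False) -> bool:
    """Strict alignment needs an exact match; relaxed compares organizational domains."""
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class Message:
    header_from: str        # domain of the RFC5322.From address
    envelope_from: str      # domain of the envelope sender (the identity SPF checks)
    spf_pass: bool          # SPF result for envelope_from at the receiving server
    dkim_d: Optional[str]   # d= of a DKIM signature that verified, or None

def dmarc(msg: Message, aspf_strict: bool = False, adkim_strict: bool = False) -> dict:
    """DMARC passes if SPF passes AND aligns, OR DKIM passes AND aligns."""
    spf_ok = msg.spf_pass and aligned(msg.envelope_from, msg.header_from, aspf_strict)
    dkim_ok = msg.dkim_d is not None and aligned(msg.dkim_d, msg.header_from, adkim_strict)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}

def scenarios() -> dict:
    """Constructed messages from sender.example, delivered directly or via forwarder.example."""
    s, f = "sender.example", "forwarder.example"
    return {
        # Direct delivery: envelope sender is a subdomain, relaxed alignment holds.
        "direct": dmarc(Message(s, "bounce." + s, True, s)),
        # Plain forward: envelope untouched, so SPF fails at the forwarder's IP.
        "plain_dkim": dmarc(Message(s, "bounce." + s, False, s)),
        # SRS forward: SPF now passes, but for the forwarder's domain, so no alignment.
        "srs_dkim": dmarc(Message(s, f, True, s)),
        # SRS forward of unsigned mail: nothing aligned is left.
        "srs_no_dkim": dmarc(Message(s, f, True, None)),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:12} {result}")
```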
@beasts I've had some of these issues simply by sending mail to mailing lists via a custom domain and a smaller email provider... thank you for such a great write up
=> More informations about this toot | More toots from michelin@hachyderm.io
@beasts I guess the TL/DR is don't set DMARC for your domain unless you also have DKIM and you know that it's working.
=> More informations about this toot | More toots from mdonkin@mastodon.me.uk