moderated With regard to Groups.io being blacklisted


Brian Vogel <britechguy@...>
 

This message is mostly aimed at Mark.   A user on one of the blind technology groups I moderate made the following two posts, and given what I know about e-mail under the hood I suspect they may have merit.   If they don't, that's fine, but it's always worth passing along something that may be able to help resolve this recurring issue.  There is a lot of overlap between the two messages, but I'm still including both below.

----------------------------------------------------------------------
It may be possible that groups.io isn't being blacklisted
per say, but it's just not clearing the security filters of earthlinks
mail servers. I'm not a member of a google group or a yahoo group, so
I couldn't test their mail servers. I did however, find the groups.io
mail servers don't pass DMARC security protocols. The SPF record and
DKIM records did pass, however,
many sysadmins are using DMARC as the new gold standard for mail
security. If someone could check the headers of a google or yahoo
group email and check to see if they pass the DMARC test, it would let
us know if this is fixable, or would your idea of having earthlink
white list all of groups.io be a better approach to solving this
issue. If someone at groups.io looks at the following, it may shed
some light on the problem at hand.

for a DKIM alignment to pass, the "From" domain must match the "d="
domain of the DKIM signature.
The "d=" domain is: groups.io
The "From" domain is: gmail.com

For the SPF alignment to pass the "Return-path" domain must match the
"From" domain.
The "Return-Path" domain is: groups.io
The "From" domain is: google.com

One or both of those need to match in order for DMARC to pass. Now, we
are talking about a listserv, so I'm not exactly sure on how to go
about correcting this problem, or if it can be fixed at all, but I
wanted to throw it out there for you to investigate.
----------------------------------------------------------------------
I don't mean to disagree with you and Joseph or for that
matter, defend the actions of these large companies and their
practices. I only ment to point out this may be fixable from the
groups.io side of the fence. DMARC standards have been adopted because
of their ability to eliminate "spoofing' and other fraud perpetrated
by spammers to send, what looks like legitimate email, but in
actuality is just some type of scam or spam. Groups.io has accurately
posted the SPF record and DKIM key pairs, but there's no DMARC record
on file. Without a DMARC record explaining their mailing systems
explicitly, they are considered out of alignment. The groups.io
webmasters could create this .txt record and apply it to the DNS
record to show these hyper-active spam filters that all groups.io mail
is legitimate and should be passed through. Creating a DMARC record is
not too difficult, especially since a blind guy on a tech list has
done it dozens of times, lol. Anyway, without knowing the details of
how their servers are set up I can only speculate as to the reasons
why they don't give this a try. It I know some folks on the list have
had success twisting arms and getting some companies to do the right
thing, but I've never had any myself, so I thought I'd throw in an
alternate suggestion on how to stop this from happening. Hope this
message doesn't sound like I'm trying to undermine your efforts, that
isn't my intention.
----------------------------------------------------------------------
--

Brian - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

     I can hire one half of the working class to kill the other half.

           ~ Jay Gould, U.S. financier & railroad robber baron (1836 - 1892)


 

Mark has referred to DMARC here so many times that I'd be stunned if he's not already doing everything necessary to pass. (Caveat, I am clueless about all DMARC issues. Just pointing that out. :)
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


Brian Vogel <britechguy@...>
 

J,

            So much water passes under the bridge in beta, and sometimes at whitewater speed, that there is no way I can keep up with it all seeing as I'm a drop in-drop out reader of beta.

            I know that Mark will not take offense (I hope) at an attempt at assisting, however late and misguided it may have been.
--

Brian - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

     I can hire one half of the working class to kill the other half.

           ~ Jay Gould, U.S. financier & railroad robber baron (1836 - 1892)


 

Brian, True about water under the bridge! And that was possibly very helpful. Just wanted you to know.


On Sun, Mar 3, 2019 at 11:03 AM Brian Vogel <britechguy@...> wrote:
J,

            So much water passes under the bridge in beta, and sometimes at whitewater speed, that there is no way I can keep up with it all seeing as I'm a drop in-drop out reader of beta.

            I know that Mark will not take offense (I hope) at an attempt at assisting, however late and misguided it may have been.
--

Brian - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

     I can hire one half of the working class to kill the other half.

           ~ Jay Gould, U.S. financier & railroad robber baron (1836 - 1892)


--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


 

Brian,

A user on one of the blind technology groups I moderate made the
following two posts,
The first one contains correct information that, as J said, is well known to Mark (and others in the email business).

In fact, Groups.io is already compliant with DMARC for messages sent by members whose email service have published a DMARC reject policy. This includes Yahoo Mail, AOL and others. You can see the effect in the "From" address (received by email) of messages posted by such members. This has been referred to with the slang verb "mung", as in "as a DMARC work-around we mung the member's From address".
https://groups.io/static/help#dmarc

The example failed DMARC because it was a message from a user of Gmail, and Gmail does not publish the reject policy for DMARC. So Groups.io passed the member's From address through unmodified.


In the second post, the only effect of having Groups.io publish a DMARC record would be for Groups.io to collect information about possible spoofing of its domain, and to tell receiving email systems what to do when that has been detected.

This would apply only to notices generated by groups.io using its own domain in the From address. This includes things like calendar event notices, member notices and mail sent in the name of a group's +owner address -- as well as messages posted by members whose address have been munged.

Most messages, from members using sensible email services, contain the posting member's From domain, and would be processed by the receiving service according to DMARC record (if any) of the posting member's service, not Groups.io's DMARC record.

Shal