Hello!

https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
Google announced that it will enforce the usage of DKIM for servers
that send more than 5000 messages per day to Google servers.

How will you handle this?

I am not in the situation that I operate such a big server, but my
employee is and we are thinking about how to handle that.

DKIM has the problem that most mailing list managers don't rewrite the
From: header in the mail, so DKIM will fail when somebody with a DKIM
enabled domain uses such a mailing list and the subscriber's system
checks DKIM.

--
Gruß
Marco

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

For your reference, records indicate that
Marco Moock <mm+usenet-es@dorfdsl.de> wrote:

https://blog.google/products/gmail/gmail-security-authentication-spam-prote= ction/
Google announced that it will enforce the usage of DKIM for servers
that send more than 5000 messages per day to Google servers.

How will you handle this?

No change. Google and other cloud providers have long be the largest
source of abuse that I’ve seen, so their IP space is already largely
blocked. If you still have recipients that use Gmail, simply inform
them that Google controls will no longer allow them to receive your
messages next year. They can then decide if they want to take it up
with Google, get a new email provider, or simply stop receiving your
messages.

I am not in the situation that I operate such a big server, but my
employee is and we are thinking about how to handle that.

As someone who runs a *very* small server (i.e., it would take me over
a *decade* to send Google servers 5000 messages), it was my experience
that they were already rejecting non-DKIM messages. This real issue
is that *Google* runs a service that is too large for them to manage
properly. Not being a spammer, I’m not going to jump through a lot of
hoops because *they* have a spam problem.

--
"Also . . . I can kill you with my brain."
River Tam, Trash, Firefly

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am 07.10.2023 um 15:57:27 Uhr schrieb Doc O'Leary ,:

As someone who runs a *very* small server (i.e., it would take me
over a *decade* to send Google servers 5000 messages), it was my
experience that they were already rejecting non-DKIM messages.

I can properly send messages to Google with my server via IPv6 without
DKIM, but with SPF.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

For your reference, records indicate that
Marco Moock <mm+usenet-es@dorfdsl.de> wrote:

I can properly send messages to Google with my server via IPv6 without
DKIM, but with SPF.

Great for you, but their deliverability differs greatly, and their rules
for the differences are often opaque, with unhelpful error messages when
they reject a message. Regardless, the burden is on Google to explain
how their users will receive mailing list messages, or that they won’t,
or how much free labor they’re expecting the world to take on once again
to reach their users. For me, that amount hovers right around zero,
because I’ve gotten little benefit from all the hoops I’ve already jumped through to reach Gmail users.

--
"Also . . . I can kill you with my brain."
River Tam, Trash, Firefly

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Doc O'Leary , <droleary.usenet@2023.impossiblystupid.com> wrote:

For your reference, records indicate that
Marco Moock <mm+usenet-es@dorfdsl.de> wrote:

https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
Google announced that it will enforce the usage of DKIM for servers
that send more than 5000 messages per day to Google servers.

How will you handle this?

No change. Google and other cloud providers have long be the largest
source of abuse that I've seen, so their IP space is already largely
blocked. If you still have recipients that use Gmail, simply inform
them that Google controls will no longer allow them to receive your
messages next year. They can then decide if they want to take it up
with Google, get a new email provider, or simply stop receiving your messages.

I guess that's one solution, but it's unlikely to have smooth
outcomes for any organisation sending over 5000 legitimate messages
per day. In an ideal world I agree that it should be up to Google's
users to switch to a better email provider themselves though.

I am not in the situation that I operate such a big server, but my
employee is and we are thinking about how to handle that.

As someone who runs a *very* small server (i.e., it would take me over
a *decade* to send Google servers 5000 messages), it was my experience
that they were already rejecting non-DKIM messages.

That was my experience too, and deliverablility to Gmail accounts
seems much improved since I set up DKIM and DMARC, in addition to
SPF which was already configured. I suspect that Google don't
consider small email server operators important enough to be worth
talking to in the first place, so they're only mentioning it now
that they're planning to apply similar rules to bigger operators.
Of course it would be bad PR to admit that, so the post is worded
to suggest that this is all new policy.

Based on the ads that were in their own guides for setting up DKIM
and DMARC, there's no doubt that it's also a manufactured
opportunity for Google to push their commercial email hosting
services onto the admins of self-hosted email servers who don't
want to face setting up DKIM.

--
__ __
#_ < |\| |< _#

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am 23.10.2023 um 13:20:47 Uhr schrieb Otto J. Makela:

Marco Moock <mm+usenet-es@dorfdsl.de> wrote:

DKIM has the problem that most mailing list managers don't rewrite
the From: header in the mail, so DKIM will fail when somebody with
a DKIM enabled domain uses such a mailing list and the subscriber's
system checks DKIM.

Technically it should be possible to pass messages through a mailing
list server with the DKIM signature intact, as long as the "SMTP From"
(often called Sender) isn't originally included as a part, and you
don't mess around with the message content (including Subject line
tagging).

If you change anything that is signed (depends on senders DKIM
settings), DKIM will fail.

Many mailing lists append a footer and that will make it fail.
There are 2 options: Don't alter the message at all, DKIM will pass OR
replace From: with your own domain and replace the DKIM signature with
your own.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Marco Moock <mm+usenet-es@dorfdsl.de> wrote:

DKIM has the problem that most mailing list managers don't rewrite the
From: header in the mail, so DKIM will fail when somebody with a DKIM
enabled domain uses such a mailing list and the subscriber's system
checks DKIM.

Technically it should be possible to pass messages through a mailing
list server with the DKIM signature intact, as long as the "SMTP From"
(often called Sender) isn't originally included as a part, and you don't
mess around with the message content (including Subject line tagging).
--
/* * * Otto J. Makela <om@iki.fi> * * * * * * * * * */
/* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
/* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */
/* * * Computers Rule 01001111 01001011 * * * * * * */

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Marco Moock <mm+usenet-es@dorfdsl.de> wrote:

Am 23.10.2023 um 13:20:47 Uhr schrieb Otto J. Makela:

Technically it should be possible to pass messages through a
mailing list server with the DKIM signature intact, as long as
the "SMTP From" (often called Sender) isn't originally included
as a part, and you don't mess around with the message content
(including Subject line tagging).

If you change anything that is signed (depends on senders DKIM
settings), DKIM will fail.

Indeed, that is the whole point of it.

Many mailing lists append a footer and that will make it fail.

Yes, or as I said, so will a "Subject" line tag. IMHO footer
appending is a pretty doomed attempt with MIME/html messages anyway.

There are 2 options: Don't alter the message at all, DKIM will pass OR replace From: with your own domain and replace the DKIM signature with
your own.

I prefer not messing with the message contents at all, just glue on
"List-ID" and other such housekeeping headers and send it on.

If the "From" gets replaced (I assume with the mailing list address?),
mailing lists would break the way traditional mailing lists work, and
list members won't be able to reply off-list. Unless of course, one also
does some kind of magic with "Reply-To" (RFC5322) and/or "Original-From" (RFC5703) headers, thus making it the replying client software's
responsibility to decode them correctly for replies?

--
/* * * Otto J. Makela <om@iki.fi> * * * * * * * * * */
/* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
/* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */
/* * * Computers Rule 01001111 01001011 * * * * * * */

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)