Gmail (thus Nanog) rejecting ipv6 email

• Previous message (by thread): Gmail (thus Nanog) rejecting ipv6 email
• Next message (by thread): Gmail (thus Nanog) rejecting ipv6 email
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On 3 Apr 2022, at 00:29, Michael Thomas <mike at mtcc.com> wrote:
> 
> 
> On 4/2/22 3:23 PM, Jeroen Massar via NANOG wrote:
>> Hi Dan,
>> 
>> Hope the rest of the world is treating you decently!
>> 
>> There are a lot of bits and bobs that one has to get right for mail to flow, amongst which:
>> 
>>  - IP -> PTR lookup -> that hostname lookup, and match to IP again
>>    (https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS)
>>  - SPF
>>  - DKIM
>>  - DMARC
>>  - ARC (for mailinglists)
> 
> Seriously spend zero time on ARC. It doesn't work as advertised... [snip, see below]

Unless one works at the large ESPs, hard to tell what they really care about and verify.

Google at least adds ARC headers in Gmail, and did the editing of RFC8617.

MS seems to do something with it:
 https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide#how-microsoft-365-utilizes-authenticated-received-chain-arc

and https://prodmarc.com/knowledge/authenticated-received-chain/ states:
8<----
Who has adopted ARC? 

Google has added ARC verification and sealing to their email services (Gmail, G Suite, and Google Groups). The popular Mailing List Manager (MLM) software Sympa incorporated ARC in v6.2.38, and ARC is being incorporated into the next release of the Mailman MLM –  ARC configuration directives are already in the online documentation.

The commercial MTAs Halon and MailerQ incorporate ARC, and the milters authentication_milter and OpenARC can be used to deploy ARC with the Postfix, Oracle Communications Messaging Server, and Sendmail MTAs. Several open-source libraries and modules are already available for those who need to integrate ARC functions into their systems.
----->8

thus there is at least that for ARC.

For one project that sends a rather decent amount of email, adopting DMARC/ARC and @via rewriting made all mail go through (at least all the google reception works), though there might be other factors at work: unless you work in the closed corp and on that project, impossible to know why your mail really gets rejected.


> ...  and is basically snake oil.

Unfortunately it is April 3rd, so two days late, but you are thinking of another acronym:

BIMI -- https://bimigroup.org

Now, THAT is snakeoil, or well, a scam is more like it: if you can pay and they like you, you get a logo, anybody else is out... marketing companies of the world (and the once earning money for bits ala domains and worse EV SSL certs... rejoice)

At least they are 'honest' about the scam:
https://bimigroup.org/vmcs-arent-a-golden-ticket-for-bimi-logo-display/

but the big ones support it too .... https://support.google.com/a/answer/10911432?hl=en

but https://bimigroup.org/bimi-generator/

BIMI record not found for gmail.com.
BIMI record not found for google.com.
BIMI record not found for yahoo.com.
BIMI record not found for microsoft.com.

Interesting as https://bimigroup.org/bimi-infographic/ claims they 'support' it... view only maybe? but from where?


At least there is:
BIMI record found for bimigroup.org, and is BIMI compliant

v=BIMI1; l=https://bimigroup.org/bimi-sq.svg; a=
https://bimigroup.org/bimi-sq.svg


Oh well, 3rd of April, not the 1st... yet another Internet money printing thing...

Greets,
 Jeroen

• Previous message (by thread): Gmail (thus Nanog) rejecting ipv6 email
• Next message (by thread): Gmail (thus Nanog) rejecting ipv6 email
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]