Some Subscribers Posts To The List Ending Up In Gmail Spam

Home » CentOS » Some Subscribers Posts To The List Ending Up In Gmail Spam
CentOS 5 Comments

Did we work out the technical reason why some users that post to the list are getting dumped into gmail spam?

Ta,

Andrew

5 thoughts on - Some Subscribers Posts To The List Ending Up In Gmail Spam

  • It is most probably due to the various issues around dmarc, dkim and mailing list servers for which there is currently no great solution to the problem. If, for example I look at the your message (in this case, the one I am responding to), I see the following:

    1. The message has intact a dkim signature from gmail, so the CentOS
    mailman server is not stripping the dkim sig from the original
    sender, which recent versions of mailman can be configured to do.
    2. The CentOS mailman server adds its own footer, changing the checksum
    of the message, so the dkim signature is no longer valid, therefore
    when any receiving mail server checks the DKIM sig it fails as it
    did with my own mailserver.
    3. The CentOS server does NOT add its own DKIM sig and appears to have
    no DMARC record in the DNS (dig txt _dmarc.CentOS.org.) These are
    not necessarily a good idea anyway for mail coming from a mailing
    list server because in order to add a DKIM sig the from of the
    message would have to be changed to name@CentOS.org since the
    mailman server can’t itself sign for a sender from another domain.

    I’m not suggesting that DKIM or DMARC are a good solution to anything, however several of the FREEMAIL providers do pay attention to these things, so the CentOS mailserver admin might want to consider having mailman strip existing DKIM sig’s from the mail (or alternatively not adding a footer). You can check the mailman doc/mailing list for other relevent options for working around these problems.

    . I believe that if, in your gmail account, you keep marking as “NOT
    SPAM” any false positives it will send more of these messages to the right folder.

    There has been an abundance of discussions in the past about these issues on the various mailman, dmarc and dkim mailing lists as well as in many other places. This whole issue hit the fan early in 2014 when yahoo and aol changed their DMARC policy to reject incoming mail that failed the DMARC test. Gmail, however, does not enforce the “reject” in others DMARC policy, but instead sends the email to the spambox (gmail also may send email to the spambox if it has no DKIM signature at all). I found that when I added (valid) DKIM signatures and a DMARC record for my domains, recipient freemail users messages started going to their inbox instead of their spambox.

    Nataraj

  • No, I don’t think it will ever learn from that,, but there is a way you can set a rule to ‘never mark as spam’ based on the sender. Which wouldn’t be fun on a list with a lot of yahoo.com members.

    It was discussed here, I think both before and after the mailman changes were available.

  • Gmail has many different criteria that it uses for detecting spam. One of the things they do is to keep a credibility score based on the IP
    address of a mailserver. In general, they like to see all of the mail for a domain coming from a single IP address. Since mail.CentOS.org uses a single IP address, this is not the problem here.

    If one wanted to improve this situation, my sense is that the next thing to do would be to strip off the DKIM signatures which have incorrect checksums.

    After that, the next thing that would improve gmail’s spam scoring of list mail would be to add a valid DKIM signature, but that is messier for a mailing list because it would mean ugly rewriting of the from header. It is possible that simply stripping the original senders DKIM’s would solve the problem.

    Nataraj

LEAVE A COMMENT