!GzgmQVAObunAgMNkvU:matrix.org

FSUG-TVM Main (Free Software User Group, Thiruvananthapuram)

368 Members
Anyone can see what you discuss here | Website: https://tvm.fsug.in/ | Meetings History: https://git.fosscommunity.in/fsugtvm/meetings46 Servers

Load older messages


SenderMessageTime
11 Jul 2020
@niranjnn01:matrix.orgrakesh Gokul Das (Telegram): 13:49:43
@niranjnn01:matrix.orgrakeshGokul, some time back, you were having issues with your personal email not getting delivered in certain cases. I believe you had set up the mail server on your own ?13:50:40
@niranjnn01:matrix.orgrakeshHow did it go. has the deliverability increased ?13:51:42
@niranjnn01:matrix.orgrakeshover time. 13:51:47
@gokuldas:matrix.orggoku12
In reply to @niranjnn01:matrix.org
How did it go. has the deliverability increased ?

rakesh: I still have the email server and very much prefer it. The deliverability is still a hit and miss and varies overtime.

The main reason for mail drop is rampant spam. Spam filters assign your outgoing mails a score based on many factors. Sometimes, an entire IP block may get blacklisted due to spam. You'll have to choose a reliable service provider who monitors spam from their network. There are other measures like ensuring DKIM signing, SPF and reverse DNS which improve your spam score considerably.

My spam filter scores were never bad enough to be ever dropped. Herein lies the second problem. Email service providers like Google (gmail, gsuite) and Microsoft (hotmail, office 365) drops mails from independent servers like mine despite having a good score. There was no information on why it was so (was it their own spam filtering algorithm?) and how it could be corrected. Google's postmastertools won't even work unless your service has a large traffic like a mail advertiser. Your mails won't even show up in the spam folders of Microsoft servers.

After a while, people started complaining and it became clear that Google and Microsoft are doing it intentionally to kill off all independent servers and consolidate all email service on their servers. They are actively trying to kill off email federation. It's not a fault of your server setup.

After a lot of criticism, Google relented a little and some mails seemed to get through for a while. Now it feels like they are back at it again when the criticism died down. Microsoft is still a black hole.

However, my mail deliverability has always been good with independent mail servers - like university servers or service sign-ups. That's good enough for me. I have decided not to cow down to those who abuse internet ecosystem like this.

People using gmail can reach me because sending mails to me marks my address as legitimate. For those using Microsoft - bad choice!

14:19:29
@gokuldas:matrix.orggoku12

@niranjnn01:matrix.org: Here is what you need to do:

  • Make sure your IP and domain are not blacklisted. You can contact them to have it removed in case it is.
  • Setup reverse DNS
  • Setup DKIM signing
  • Setup SPF
14:22:16
@telegram_182879327:tchncs.deJeevachaithanyan Sivanandan (Telegram)Could you please DM me ? regarding the actual requirement you / your friend have ?14:23:41
@niranjnn01:matrix.orgrakeshI stumbled upon a video . It says emails can get dropped based on "reputation" of the sending server. which is based on bounce rates, replies to emails. and some other matrices etc. It was more a email marketing related channel though. But then again, I was wondering if it were true, ones reputation would increase over time, and wanted to check with you. https://www.youtube.com/watch?v=6_Y2Tsmu_PE 14:38:12
@niranjnn01:matrix.orgrakesh * I stumbled upon a video . It says emails can get dropped based on "reputation" of the sending server. which is based on bounce rates, replies to emails. and some other matrices etc. It was more a email marketing related channel though. But then again, I was wondering if it were true, ones reputation would increase over time, and wanted to check with you. https://www.youtube.com/watch?v=6_Y2Tsmu_PE 14:40:27
@telegram_574862449:tchncs.deDay Dreamer (Telegram)
In reply to @gokuldas:matrix.org

rakesh: I still have the email server and very much prefer it. The deliverability is still a hit and miss and varies overtime.


The main reason for mail drop is rampant spam. Spam filters assign your outgoing mails a score based on many factors. Sometimes, an entire IP block may get blacklisted due to spam. You'll have to choose a reliable service provider who monitors spam from their network. There are other measures like ensuring DKIM signing, SPF and reverse DNS which improve your spam score considerably.


My spam filter scores were never bad enough to be ever dropped. Herein lies the second problem. Email service providers like Google (gmail, gsuite) and Microsoft (hotmail, office 365) drops mails from independent servers like mine despite having a good score. There was no information on why it was so (was it their own spam filtering algorithm?) and how it could be corrected. Google's postmastertools won't even work unless your service has a large traffic like a mail advertiser. Your mails won't even show up in the spam folders of Microsoft servers.


After a while, people started complaining and it became clear that Google and Microsoft are doing it intentionally to kill off all independent servers and consolidate all email service on their servers. They are actively trying to kill off email federation. It's not a fault of your server setup.


After a lot of criticism, Google relented a little and some mails seemed to get through for a while. Now it feels like they are back at it again when the criticism died down. Microsoft is still a black hole.


However, my mail deliverability has always been good with independent mail servers - like university servers or service sign-ups. That's good enough for me. I have decided not to cow down to those who abuse internet ecosystem like this.


People using gmail can reach me because sending mails to me marks my address as legitimate. For those using Microsoft - bad choice!

👍 nice observation
15:26:32
@telegram_7351948:tchncs.deshriMADhav \\ U കെ // (Telegram) changed their profile picture.16:59:12
@gokuldas:matrix.orggoku12 Day Dreamer (Telegram): Thanks! 18:55:25
@gokuldas:matrix.orggoku12

'Reputation' is one of those marketing speak that big corporations like G/MS use to confuse and take advantage of users. In reality it's as anti-competitive as Apple preventing third party repairs citing 'privacy and security concerns'. Here is the final line - a private email server (personal or SME's) will never get enough 'reputation' to skip the spam folder on these big players. Only email marketers will ever get that much traffic. In short, it is a horrible policy that hurts legitimate server operators like us and rewards mass spammers.

However, it's important to understand the technical reasons behind this to know why this is just wrong. Spamming is a real issue with emails. So how does servers solve that? Spam is filtered by spam filters like spam-assasin and rspamd. How do they work?

  1. Does the mail have patterns of spam? Market speak like viagra, lottery etc?
  2. Does the IP or domain name of the server have history of spamming? If so, it ends up in blacklists
  3. Is the server legitimate?
  • It is assumed to be legitimate if reverse DNS on the server's IP matches its domain name
  • RDNS is possible only if the IP block owner assigns you one. It means that your server is authorized
  1. Is the message really from that server?
  • This is true if message is signed using a DKIM private key
  • The DKIM public key is in a DNS record
  • This means that the server owner is also the DNS zone owner

If all these matches, then the spam filter will assume that your mail is legitimate. You spam score will be good and your mail will end up in the inbox. However if mails from your server contains too much spammy stuff and the correspondents mark it spam too many times, you will lose reputation and your domain/IP will end up in block lists. Simple strategy - prove your legitimacy and you're innocent until proven guilty.

However, G/MS does it the other way round. You are guilty until proven innocent. No matter how many technical hurdles you have to jump through to prove your legitimacy, you still have to generate large enough traffic before they consider you legitimate. Normal personal and SME servers have no reason to generate that much traffic. But why so? They just don't want you to set up your own mail server. They want you to setup an account with them so that you'll pay through your nose either with money or with private data. As simple as that. 'Reputation' is a simple way of saying: "We don't wan't you in the game". Classic monopoly abuse.

19:28:01
@gokuldas:matrix.orggoku12
In reply to @niranjnn01:matrix.org
I stumbled upon a video . It says emails can get dropped based on "reputation" of the sending server. which is based on bounce rates, replies to emails. and some other matrices etc.

It was more a email marketing related channel though. But then again, I was wondering if it were true, ones reputation would increase over time, and wanted to check with you.

https://www.youtube.com/watch?v=6_Y2Tsmu_PE

*

'Reputation' is one of those marketing speak that big corporations like G/MS use to confuse and take advantage of users. In reality it's as anti-competitive as Apple preventing third party repairs citing 'privacy and security concerns'. Here is the final line - a private email server (personal or SME's) will never get enough 'reputation' to skip the spam folder on these big players. Only email marketers will ever get that much traffic. In short, it is a horrible policy that hurts legitimate server operators like us and rewards mass spammers.

However, it's important to understand the technical reasons behind this to know why this is just wrong. Spamming is a real issue with emails. So how does servers solve that? Spam is filtered by spam filters like spam-assasin and rspamd. How do they work?

  1. Does the mail have patterns of spam? Market speak like viagra, lottery etc?
  2. Does the IP or domain name of the server have history of spamming? If so, it ends up in blacklists
  3. Is the server legitimate?
  • It is assumed to be legitimate if reverse DNS on the server's IP matches its domain name
  • RDNS is possible only if the IP block owner assigns you one. It means that your server is authorized
  1. Is the message really from that server?
  • This is true if message is signed using a DKIM private key
  • The DKIM public key is in a DNS record
  • This means that the server owner is also the DNS zone owner

If all these matches, then the spam filter will assume that your mail is legitimate. You spam score will be good and your mail will end up in the inbox. However if mails from your server contains too much spammy stuff and the correspondents mark it spam too many times, you will lose reputation and your domain/IP will end up in block lists. Simple strategy - prove your legitimacy and you're innocent until proven guilty.

However, G/MS does it the other way round. You are guilty until proven innocent. No matter how many technical hurdles you have to jump through to prove your legitimacy, you still have to generate large enough traffic before they consider you legitimate. Normal personal and SME servers have no reason to generate that much traffic. But why so? They just don't want you to set up your own mail server. They want you to setup an account with them so that you'll pay through your nose either with money or with private data. As simple as that. 'Reputation' is a simple way of saying: "We don't wan't you in the game". Classic monopoly abuse.

19:29:07
@niranjnn01:matrix.orgrakesh I see.
Thanks for your thoughts. It was insightful 👍
20:07:03
12 Jul 2020
@kobold:kde.orgkobold 21:59:14
13 Jul 2020
@telegram_127886774:tchncs.deAnjali G (Telegram) changed their profile picture.12:16:46
@telegram_409300472:tchncs.demidhun raj (Telegram)Rdns means?15:34:07
@telegram_409300472:tchncs.demidhun raj (Telegram)
In reply to @gokuldas:matrix.org

'Reputation' is one of those marketing speak that big corporations like G/MS use to confuse and take advantage of users. In reality it's as anti-competitive as Apple preventing third party repairs citing 'privacy and security concerns'. Here is the final line - a private email server (personal or SME's) will never get enough 'reputation' to skip the spam folder on these big players. Only email marketers will ever get that much traffic. In short, it is a horrible policy that hurts legitimate server operators like us and rewards mass spammers.


However, it's important to understand the technical reasons behind this to know why this is just wrong. Spamming is a real issue with emails. So how does servers solve that? Spam is filtered by spam filters like spam-assasin and rspamd. How do they work?



  1. Does the mail have patterns of spam? Market speak like viagra, lottery etc?

  2. Does the IP or domain name of the server have history of spamming? If so, it ends up in blacklists

  3. Is the server legitimate?



  • It is assumed to be legitimate if reverse DNS on the server's IP matches its domain name

  • RDNS is possible only if the IP block owner assigns you one. It means that your server is authorized



  1. Is the message really from that server?



  • This is true if message is signed using a DKIM private key

  • The DKIM public key is in a DNS record

  • This means that the server owner is also the DNS zone owner


If all these matches, then the spam filter will assume that your mail is legitimate. You spam score will be good and your mail will end up in the inbox. However if mails from your server contains too much spammy stuff and the correspondents mark it spam too many times, you will lose reputation and your domain/IP will end up in block lists. Simple strategy - prove your legitimacy and you're innocent until proven guilty.


However, G/MS does it the other way round. You are guilty until proven innocent. No matter how many technical hurdles you have to jump through to prove your legitimacy, you still have to generate large enough traffic before they consider you legitimate. Normal personal and SME servers have no reason to generate that much traffic. But why so? They just don't want you to set up your own mail server. They want you to setup an account with them so that you'll pay through your nose either with money or with private data. As simple as that. 'Reputation' is a simple way of saying: "We don't wan't you in the game". Classic monopoly abuse.


Nice write up
15:40:09
@gokuldas:matrix.orggoku12
In reply to @telegram_409300472:tchncs.de
Rdns means?

Thanks for the compliment! R-DNS is reverse DNS. IF you have access to linux, try these out:

dig fastmail.com
dig -x 66.111.4.148

The first one is a regular DNS lookup (A record) that finds the IP address for a domain name. The second one is the reverse DNS. It finds the domian name for an IP address.

15:48:08
@gokuldas:matrix.orggoku12

Every IP address has a reverse DNS address that can be found using a reverse DNS lookup (PTR record). However, if you try this with your own IP address, you are going to get a very generic domain name related to your ISP instead of a clean name like fastmail.com. Try it against you home IP address.

Both forward DNS and reverse DNS records are published on DNS servers. However, it wont work unless you have authority over that zone. I will explain what this means. Let's say that you have a DNS server where you publish records for example.com, www.example.com and home.example.com. Those records and the server are useless unless you own the example.com domain name. In case you do, the DNS root server (owned by some big companies) will delegate the authority of example.com zone to your DNS server using SOA records.

Here lies a big difference between forward and reverse DNS. The authority over your domain name (example.com in this case) is delegated to your DNS server by the domain name registrar - the company from whom you bought the domain name (Gandi, Namecheap, Godaddy). The authority of reverse DNS is delegated to you by your Internet service provider (domestic ISPs dont do this. Corporate ISPs like VSNL, NKN etc do) or your cloud host. That's because they own the IP blocks and the corresponding R-DNS zones of your server.

This is very important. Anyone can buy a domain name, point it at an IP and serve email from there. However, reverse dns can be set only if your ISP or cloud host allows you to. This specialty is used by mail servers to recognize spam. If an RDNS record is available for a mail server, it means that their ISP/cloud provider vouches for it. ISPs and cloud hosts take extra precaution with RDNS because spam can get their IPs blacklisted. In my case, the cloud host did provide R-DNS, but they blocked outgoing mail port by default. I had to talk to them over phone and convince them to unblock it. There was another case where I had to send papers to an ISP to add an R-DNS PTR record.

16:14:38
@telegram_12794551:tchncs.deGokul Das (Telegram) midhun 👆🏼 16:15:31
@ignujee:matrix.orgiGNUjee(തൻസീം)hi, any docker experts here..16:33:51
@gokuldas:matrix.orggoku12
In reply to @ignujee:matrix.org
hi, any docker experts here..
I reckon there are a few. Try it!
16:34:29
@telegram_7351948:tchncs.deshriMADhav \\ U കെ // (Telegram) changed their profile picture.17:21:43
@telegram_576598551:tchncs.deAbraham Raji (Telegram) changed their profile picture.22:35:05
14 Jul 2020
@sujithps:matrix.orgleonidas joined the room.15:12:36
@telegram_409300472:tchncs.demidhun raj (Telegram) https://www.portainer.io/ 18:14:19
@telegram_409300472:tchncs.demidhun raj (Telegram) @GokulDas thanks for the information. I read it 3 to 4 times. Since I haven't worked much with dns these info was new to me. Thanks for the write up 18:19:27
@telegram_12794551:tchncs.deGokul Das (Telegram) midhun : I recommend everyone get a personal domain name these days. It's no longer a corporate thing. More people are losing access to all their online stuff because their email accounts are locked without explanation. Choose a registrar you can trust to not act the same way. 19:05:42

There are no newer messages yet.


Back to Room List