Hi,
After fixing all issues with mailman I want to reduce the chance for email being marked as spam, especially from Gmail. I have added SPF and DKIM records and I am now using dkimvalidator to debug the emails being sent. Here is what I'm getting from spam evaluation:
*0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence*
My guess is that the From address is very large, for example:
mylist-confirm+3eafa5bd24e52738c900e2e3fd05e366b7ea7580@myproject.eu
Is there any way to mitigate this problem?
Thank you,
*Kyriakos Terzopoulos*
Web developer / e-learning expert
*Tel:*+30 211 213 9858
*Mobile:* +30 694 526 4512
- E-mail: *kyriakos.terzopoulos@gmail.com
- Skype:* kyriakos.terzopoulos Find me on Facebook <http://www.facebook.com/cirrus3d> Follow me on Twitter <http://twitter.com/#%21/cirrus3d>
On Tue, Oct 31, 2023 at 11:56 AM Kyriakos Terzopoulos < kyriakos.terzopoulos@gmail.com> wrote:
Hi,
After fixing all issues with mailman I want to reduce the chance for email being marked as spam, especially from Gmail. I have added SPF and DKIM records and I am now using dkimvalidator to debug the emails being sent. Here is what I'm getting from spam evaluation:
*0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence*
My guess is that the From address is very large, for example:
mylist-confirm+3eafa5bd24e52738c900e2e3fd05e366b7ea7580@myproject.eu
Is there any way to mitigate this problem?
Since mailman is doing what it is supposed to, and doing it correctly, I am not understanding what you want. Is Gmail classifying that email as spam?
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
Kyriakos Terzopoulos writes:
Here is what I'm getting from spam evaluation:
*0.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence*
This spam checker is probably misconfigured, unless users are actually being targeted with backscatter from list confirmation notices. It should recognize the last instance of '-' or '+' as dividing the "true" mailbox from a user-specified tag. This is a common method for implementing a secure identification of the source of an address.
In this case, it allows Mailman to identify which subscription request is being confirmed, and proves that the confirmation request was sent by Mailman itself.
My guess is that the From address is very large, for example:
mylist-confirm+3eafa5bd24e52738c900e2e3fd05e366b7ea7580@myproject.eu
Is there any way to mitigate this problem?
Not really. It is not perfect, but this is by far the most effective way to prevent people from maliciously signing others up to mailing lists, unless you have an alternative source of verified email addresses (such as the organization's LDAP member database).
Steve
On 10/31/23 01:55, Kyriakos Terzopoulos wrote:
My guess is that the From address is very large, for example:
mylist-confirm+3eafa5bd24e52738c900e2e3fd05e366b7ea7580@myproject.eu
Is there any way to mitigate this problem?
The string 'mylist-confirm+3eafa5bd24e52738c900e2e3fd05e366b7ea7580' is created according to the setting
verp_confirm_format: $address+$cookie
in the [mta] section of mailman.cfg. You could override that by setting
[mta]
verp_confirm_format: $address
or maybe even something like `` [mta] verp_confirm_format: $address+no_reply
in mailman.cfg, but then you would also need to provide edited versions
of the templates list:user:action:unsubscribe, list:user:action:invite
and list:user:action:subscribe to remove the bits about 'simply replying
to this message'.
Note that your spamassassin report is only assigning a score of 0.3 to
FROM_LOCAL_HEX which isn't very much. Plus, there's no evidence that
Gmail's proprietory spam checks even care about this.
--
Mark Sapiro <mark@msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
participants (4)
-
Kyriakos Terzopoulos -
Mark Sapiro -
Odhiambo Washington -
Stephen J. Turnbull