Gmail and Mailing List
Hi, Do you know a way to set gmail to recognize our mailing list? I don't know how to do it.
On Fri, 10 Mar 2023, Andrea paz via Cin wrote:
Do you know a way to set gmail to recognize our mailing list? I don't know how to do it.
Andrea, it is because of DMARC authentication failure, see mail headers: Return-Path: <[email protected]> ....... Authentication-Results: nioch.nioch.nsc.ru; dmarc=fail (p=none dis=none) header.from=lists.cinelerra-gg.org ^^^^^^^^^^ Authentication-Results: nioch.nioch.nsc.ru; spf=none [email protected] (client-ip=94.16.115.56) ....... Received: from lists.cinelerra-gg.org (v22018103128575622.happysrv.de [94.16.115.56]) ....... X-Received-SPF: none receiver=nioch.nioch.nsc.ru client-ip=94.16.115.56 envelope-from=<[email protected]> @lists.cinelerra-gg.org has neither its own DKIM nor DNS SPF record. Either the admin of the @lists.cinelerra-gg.org mail server has to implement generation of DKIM signatures and attaching them to emails submitted from this mailing list, Or the admin of the lists.cinelerra-gg.org DNS domain has to add the proper SPF records to the DNS zone file. Only the corresponding admin can do that, for us, users, this is not possible. _______________________________________________________________________________ Georgy Salnikov NMR Group Novosibirsk Institute of Organic Chemistry Lavrentjeva, 9, 630090 Novosibirsk, Russia Phone +7-383-3307864 Email [email protected] _______________________________________________________________________________
In reading Google's https://support.google.com/mail/answer/81126?hl=en on this issue, I submitted a request to have them stop blocking our email. From that url reference, it states the requirement for SPF or DKIM is for new senders rather than existing ones. See quote below "Important: Starting November 2022, new senders who send email to personal Gmail accounts must set up either SPF or DKIM. Google performs random checks on new sender messages to personal Gmail accounts to verify they’re authenticated. Messages without at least one of these authentication methods will be rejected or marked as spam. This requirement doesn’t apply to you if you’re an existing sender. However, we recommend you always set up SPF and DKIM to protect your organization’s email and to support future authentication requirements." Also, I "think" we do have DKIM implemented (their note says SPF OR DKIM) if I interpret further down on the "Original Message Header" where it says: X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=tC7A9s8TYaZ/CGSJrVYNtkOfA1/MYvlOmV3tooyZOs4=; But anyway, I will see if I can figure out how to implement SPF like they suggest. A lot of the things I am trying to do is quite difficult for me and beyond my skill set. ...Phyllis On Friday, March 10, 2023 at 12:56:53 AM MST, Georgy Salnikov via Cin <[email protected]> wrote: On Fri, 10 Mar 2023, Andrea paz via Cin wrote:
Do you know a way to set gmail to recognize our mailing list? I don't know how to do it.
Andrea, it is because of DMARC authentication failure, see mail headers: Return-Path: <[email protected]> ....... Authentication-Results: nioch.nioch.nsc.ru; dmarc=fail (p=none dis=none) header.from=lists.cinelerra-gg.org ^^^^^^^^^^ Authentication-Results: nioch.nioch.nsc.ru; spf=none [email protected] (client-ip=94.16.115.56) ....... Received: from lists.cinelerra-gg.org (v22018103128575622.happysrv.de [94.16.115.56]) ....... X-Received-SPF: none receiver=nioch.nioch.nsc.ru client-ip=94.16.115.56 envelope-from=<[email protected]> @lists.cinelerra-gg.org has neither its own DKIM nor DNS SPF record. Either the admin of the @lists.cinelerra-gg.org mail server has to implement generation of DKIM signatures and attaching them to emails submitted from this mailing list, Or the admin of the lists.cinelerra-gg.org DNS domain has to add the proper SPF records to the DNS zone file. Only the corresponding admin can do that, for us, users, this is not possible. _______________________________________________________________________________ Georgy Salnikov NMR Group Novosibirsk Institute of Organic Chemistry Lavrentjeva, 9, 630090 Novosibirsk, Russia Phone +7-383-3307864 Email [email protected] _______________________________________________________________________________ -- Cin mailing list [email protected] https://lists.cinelerra-gg.org/mailman/listinfo/cin
On Fri, 10 Mar 2023, Phyllis Smith wrote:
requirement doesn\u2019t apply to you if you\u2019re an existing sender. However, we recommend you always set up SPF and DKIM to protect your organization\u2019s email and to support future authentication requirements."
As I would understand, Google warns that, although you as an existing sender are not (yet) applied to SPF/DKIM requirements, be prepared that the policy can change soon and without further notice.
Also, I "think" we do have DKIM implemented (their note says SPF OR DKIM)
Google requires DMARC authentication, what literally means "either DKIM or SPF or both".
if I interpret further down on the "Original Message Header" where it says: X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
No, Phyllis, X-Google-DKIM-Signature is not a real DKIM although it looks like DKIM. X-Google-DKIM-Signature is an additional private header inserted by Google - perhaps to propagate this signature between diverse Google mail relays. And if somebody other submits his email to the CGG mailing list not from Google's account but from some other account, there will be no X-Google-DKIM-Signature header in that email at all. The real DKIM header is: "DKIM-Signature:" and is normally inserted by the mailserver where the email was first originated. This header contains a special hash computed from several other headers, most important, the From:, Subject:, To: headers and, may be, the email body itself. For mailing lists it is a catastrophe as maillists usually add their own headers to ensure that all the maillist members get emails, and then the old DKIM hash does not match the edited headers. But if maillist server recomputes DKIM, DMARC will still fail because From: does not correspond to maillist domain any more. So, the DKIM solution is difficult.
But anyway, I will see if I can figure out how to implement SPF like they suggest. A lot of the things I am trying to do is quite difficult for me and beyond my skill set. ...Phyllis
SPF is much easier to implement, but this is a job of the administrator of the primary server of the DNS domain where the mailing list resides, not your job, Phyllis. The users, even if privileged to some extent, have no permissions to edit DNS zones on nameservers. _______________________________________________________________________________ Georgy Salnikov NMR Group Novosibirsk Institute of Organic Chemistry Lavrentjeva, 9, 630090 Novosibirsk, Russia Phone +7-383-3307864 Email [email protected] _______________________________________________________________________________
participants (3)
-
Andrea paz -
Georgy Salnikov -
Phyllis Smith