
Google plans to enforce DKIM for bulk mail in 2024


Marco Moock

Oct 6, 2023, 2:04:42 PM
Hello!

https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
Google announced that it will enforce the usage of DKIM for servers
that send more than 5000 messages per day to Google servers.

How will you handle this?

I am not in the situation that I operate such a big server, but my
employee is and we are thinking about how to handle that.

DKIM has the problem that most mailing list managers don't rewrite the
From: header in the mail, so DKIM will fail when somebody with a DKIM
enabled domain uses such a mailing list and the subscriber's system
checks DKIM.

--
Regards
Marco

Marco Moock

Oct 7, 2023, 4:04:09 PM

On 07.10.2023 at 15:57:27, Doc O'Leary wrote:

> As someone who runs a *very* small server (i.e., it would take me
> over a *decade* to send Google servers 5000 messages), it was my
> experience that they were already rejecting non-DKIM messages.

I can properly send messages to Google with my server via IPv6 without
DKIM, but with SPF.

Computer Nerd Kev

Oct 8, 2023, 7:28:47 PM
Doc O'Leary , <drolear...@2023.impossiblystupid.com> wrote:
> For your reference, records indicate that
> Marco Moock <mm+use...@dorfdsl.de> wrote:
>
>> https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
>> Google announced that it will enforce the usage of DKIM for servers
>> that send more than 5000 messages per day to Google servers.
>>
>> How will you handle this?
>
> No change. Google and other cloud providers have long been the largest
> source of abuse that I've seen, so their IP space is already largely
> blocked. If you still have recipients that use Gmail, simply inform
> them that Google controls will no longer allow them to receive your
> messages next year. They can then decide if they want to take it up
> with Google, get a new email provider, or simply stop receiving your
> messages.

I guess that's one solution, but it's unlikely to have smooth
outcomes for any organisation sending over 5000 legitimate messages
per day. In an ideal world I agree that it should be up to Google's
users to switch to a better email provider themselves though.

>> I am not in the situation that I operate such a big server, but my
>> employee is and we are thinking about how to handle that.
>
> As someone who runs a *very* small server (i.e., it would take me over
> a *decade* to send Google servers 5000 messages), it was my experience
> that they were already rejecting non-DKIM messages.

That was my experience too, and deliverability to Gmail accounts
seems much improved since I set up DKIM and DMARC, in addition to
SPF which was already configured. I suspect that Google don't
consider small email server operators important enough to be worth
talking to in the first place, so they're only mentioning it now
that they're planning to apply similar rules to bigger operators.
Of course it would be bad PR to admit that, so the post is worded
to suggest that this is all new policy.

Based on the ads that were in their own guides for setting up DKIM
and DMARC, there's no doubt that it's also a manufactured
opportunity for Google to push their commercial email hosting
services onto the admins of self-hosted email servers who don't
want to face setting up DKIM.

--
__ __
#_ < |\| |< _#

Otto J. Makela

Oct 23, 2023, 6:20:50 AM
Marco Moock <mm+use...@dorfdsl.de> wrote:

> DKIM has the problem that most mailing list managers don't rewrite the
> From: header in the mail, so DKIM will fail when somebody with a DKIM
> enabled domain uses such a mailing list and the subscriber's system
> checks DKIM.

Technically it should be possible to pass messages through a mailing
list server with the DKIM signature intact, as long as the "SMTP From"
(often called Sender) isn't originally included as a part, and you don't
mess around with the message content (including Subject line tagging).
--
/* * * Otto J. Makela <o...@iki.fi> * * * * * * * * * */
/* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
/* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */
/* * * Computers Rule 01001111 01001011 * * * * * * */

Marco Moock

Oct 23, 2023, 6:55:56 AM

On 23.10.2023 at 13:20:47, Otto J. Makela wrote:

> Marco Moock <mm+use...@dorfdsl.de> wrote:
>
> > DKIM has the problem that most mailing list managers don't rewrite
> > the From: header in the mail, so DKIM will fail when somebody with
> > a DKIM enabled domain uses such a mailing list and the subscriber's
> > system checks DKIM.
>
> Technically it should be possible to pass messages through a mailing
> list server with the DKIM signature intact, as long as the "SMTP From"
> (often called Sender) isn't originally included as a part, and you
> don't mess around with the message content (including Subject line
> tagging).

If you change anything that is signed (depends on sender's DKIM
settings), DKIM will fail.

Many mailing lists append a footer and that will make it fail.
There are 2 options: Don't alter the message at all, DKIM will pass OR
replace From: with your own domain and replace the DKIM signature with
your own.

Otto J. Makela

Oct 27, 2023, 12:53:29 PM
Marco Moock <mm+use...@dorfdsl.de> wrote:

> On 23.10.2023 at 13:20:47, Otto J. Makela wrote:
>> Technically it should be possible to pass messages through a
>> mailing list server with the DKIM signature intact, as long as
>> the "SMTP From" (often called Sender) isn't originally included
>> as a part, and you don't mess around with the message content
>> (including Subject line tagging).
>
> If you change anything that is signed (depends on sender's DKIM
> settings), DKIM will fail.

Indeed, that is the whole point of it.

> Many mailing lists append a footer and that will make it fail.

Yes, or as I said, so will a "Subject" line tag. IMHO footer
appending is a pretty doomed attempt with MIME/html messages anyway.

> There are 2 options: Don't alter the message at all, DKIM will pass OR
> replace From: with your own domain and replace the DKIM signature with
> your own.

I prefer not messing with the message contents at all, just glue on
"List-ID" and other such housekeeping headers and send it on.

If the "From" gets replaced (I assume with the mailing list address?),
mailing lists would break the way traditional mailing lists work, and
list members won't be able to reply off-list. Unless of course, one also
does some kind of magic with "Reply-To" (RFC5322) and/or "Original-From"
(RFC5703) headers, thus making it the replying client software's
responsibility to decode them correctly for replies?
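
Added example, not part of the thread: a Python check of the point made in the posts above, that a list which only adds headers such as List-ID leaves the sender's DKIM signature verifiable, while a Subject tag or an appended footer does not. It assumes `c=relaxed/relaxed` and constructed messages from example.org; the function names are hypothetical, and it compares only the signed headers and the body hash, not the cryptographic signature.

```python
import base64, hashlib, re
from email import message_from_string

def relaxed_body(body):
    # RFC 6376 "relaxed" body: collapse whitespace runs, strip line ends,
    # drop trailing empty lines, terminate every line with CRLF.
    lines = [re.sub(r"[ \t]+", " ", l).rstrip() for l in body.replace("\r\n", "\n").split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return "".join(l + "\r\n" for l in lines).encode()

def body_hash(body):
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def dkim_tags(msg):
    # Tag list "k=v; k=v"; whitespace inside h= and bh= is not significant.
    raw = re.sub(r"\s+", "", msg["DKIM-Signature"])
    return dict(t.split("=", 1) for t in raw.split(";") if t)

def relaxed_header(value):
    # An absent header is signed as empty, so adding it later also breaks DKIM.
    return re.sub(r"\s+", " ", value or "").strip()

def predict_breakage(original, relayed):
    """List what the relay changed that the sender's signature covers."""
    orig, rel = message_from_string(original), message_from_string(relayed)
    tags = dkim_tags(orig)
    problems = [f"signed header changed: {name}" for name in tags["h"].split(":")
                if relaxed_header(orig[name]) != relaxed_header(rel[name])]
    if body_hash(rel.get_payload()) != tags["bh"]:
        problems.append("body hash mismatch")
    return problems

# Constructed sample messages; b= is a placeholder, no key or DNS lookup is involved.
BODY = "Hello list,\nsee you Friday.\n"
def make(subject, body, extra=""):
    return ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\n"
            f" s=sel; h=from:to:subject:date; bh={body_hash(BODY)}; b=PLACEHOLDER\n"
            "From: alice@example.org\nTo: list@lists.example.net\n"
            f"Subject: {subject}\nDate: Mon, 23 Oct 2023 10:00:00 +0000\n{extra}\n{body}")

ORIGINAL = make("Meeting", BODY)
HEADERS_ONLY = make("Meeting", BODY, "List-ID: <list.lists.example.net>\n")
TAGGED = make("[list] Meeting", BODY)
FOOTER = make("Meeting", BODY + "-- \nUnsubscribe: https://lists.example.net/\n")

if __name__ == "__main__":
    for label, m in [("headers only", HEADERS_ONLY), ("subject tag", TAGGED), ("footer", FOOTER)]:
        print(label, "->", predict_breakage(ORIGINAL, m) or "signature still verifiable")
```

With `c=simple` canonicalization the comparison is stricter still, since even whitespace changes to a signed header or the body invalidate the signature.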