[ih] Email from Yahoo

Jack Haverty jack at 3kitty.org
Sat Feb 10 11:16:10 PST 2024 

A few months ago, after getting tired of all the "I never got your 
email" reports, I did a deep dive into email to try and figure out 
what's happening.   I wrote one of the first email servers back in the 
early 1970s, so I thought I might still be able to figure it out.

Bottom line - it's a mess.  I won't put everyone asleep with all the 
details of the protocol alphabet soup, but here's the steps I did to get 
my email working as well as seems possible now:

1) Verify that your own email is following all of the current anti-spam 
schemes.  One easy way to test is by using the site 
https://www.mail-tester.com/   When you go to that site it will display 
an email address to you.  Don't close your browser, but start up your 
email program on any handy device.  Using your regular email program, 
send an email to that address.  Then go back to the browser after a few 
minutes and click on "Test Your Score" to get your report.   If you 
don't get a 10/10 score, fix whatever is wrong until you do.  Fixing may 
require setting up appropriate SPF, DKIM, and/or DMARC records, which 
you may have to ask your email provider's customer support to do.   In 
my case, I had to switch email providers to one that understood what I 
was talking about.   I now get a 10/10 on mail from jack at 3kitty.org.

Having done #1, the mail you send should now be fairly impervious to 
various anti-spam filters that your mail may encounter in its travels.

However, that won't necessarily make your mail reliable when it passes 
through "forwarders" such as this list, or googlegroups, or yahoogroups, 
or group.io, etc.   You need to check each such list to determine how it 
handles your mail as it gets forwarded to the addressees in the 
associated list.

2) Determine whether or not your mail is altered in any way as it passes 
through the forwarder.  If it is altered, it is no longer the same 
message you sent.  Many forwarders change your message, e.g., by 
deleting images, by adding some kind of "banner" at the top or bottom 
identifying the list, changing the "from" field to indicate that the 
message came from the list, etc.

If your message is altered in transit, there are consequences.  For 
example, if you digitally "sign" your mail using PGP, the digital 
signature will indicate to the recipients that the signature has been 
forged.

3) Even if your message is passed through intact (as it appears Joe has 
done for this list), it may be rejected by various recipients' mail 
servers.   Your message appears to be from you (e.g., this one from 
jack at 3kitty.org).  But the recipient server receives it from the 
isoc.org mail server, rather than from the 3kitty.org mail server.   The 
recipient server may discard your mail since it didn't come from an 
authorized 3kitty.org sender.

As far as I have found, the only way to avoid such rejections is for 
you, the sender, to change your SPF/DKIM/DMARC settings to authorize 
each forwarder you use as a legitimate sender of your email.  For 
example, I could add isoc.org as an authorized sender of mail from 
3kitty.org.   However, if I did that, anyone could send mail from 
isoc.org impersonating me.   That sounds like a bad idea.

4) If you have your own domain, you can get more information about how 
your mail is being treated by the anti-spam mechanisms that mail 
providers have put in place.  By setting up an appropriate DMARC entry, 
mail servers for your recipients will send you email with reports on how 
they handled email you sent to their mailboxes. Again, you have to work 
with your mail provider to get the appropriate configurations in place.

I now get email from all sorts of mail systems, telling me how email I 
have sent was treated when it arrived at its destination.   Much of it 
still reports failures, e.g., because I haven't done #4, or because a 
forwarder along the way has tampered with what I originally sent.

It will be interesting to see what this message triggers and what kind 
of reports I get back....

Hope this helps someone,
Jack Haverty

PS - using "reply all" to list messages can cause confusion.  Your reply 
may be sent not only to the list, but also to other addresses such as 
the person who sent the message you reply to.   It's common to get the 
same message multiple times - e.g., once through the distribution list 
and once through a direct path.   One may succeed and the other fail, or 
you might get both.  I'm not sure, but it also seems that some 
distribution systems look at the headers and avoid sending a message to 
someone if their address also appears in the To: or Cc: fields of the 
message being processed.   That avoids some duplicates but can be 
confusing when you don't receive what you expected to receive.   Like I 
said - it's a mess...


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://elists.isoc.org/pipermail/internet-history/attachments/20240210/9ae007c5/attachment.asc>

More information about the Internet-history mailing list