Not wishing to hijack the Email error thread I have a closely related
problem.

In my case for many years I've not relayed outgoing mail via my ISP but
have sent it directly to the recipient's mailserver. In the original
thread it was said that having SPF, DMARC and DKIM records would solve
mail sending problems. I have all 3 and they did for years but suddenly
MS for example reject mail solely on the basis that a rDNS lookup does
not match my domain name but my ISP's. Like almost all ISP's mine wont
allow setting my static IP address to match with my domain. Thus I've
been 'forced' to relay mail via my ISP and lose all the benefits of
direct sending such as having a complete record of the SMTP transaction,
the email equivalent of Royal Mail Signed for Delivery.

Malcolm

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 14 Jan 2025 20:52:48 +0000
Malcolm Loades <devnull@loades.net> wrote:

Not wishing to hijack the Email error thread I have a closely related problem.

In my case for many years I've not relayed outgoing mail via my ISP
but have sent it directly to the recipient's mailserver. In the
original thread it was said that having SPF, DMARC and DKIM records
would solve mail sending problems. I have all 3 and they did for
years but suddenly MS for example reject mail solely on the basis
that a rDNS lookup does not match my domain name but my ISP's. Like
almost all ISP's mine wont allow setting my static IP address to
match with my domain. Thus I've been 'forced' to relay mail via my
ISP and lose all the benefits of direct sending such as having a
complete record of the SMTP transaction, the email equivalent of
Royal Mail Signed for Delivery.

It's up to the whim of the mail server admin. I could do that if I
wanted, but it's stupid. No medium-to-large business ever sends mail
'from' its own domain. That's daft as well, because it makes it harder
to see if the mail is genuine, but it's the way things are done. It's
all outsourced, and any large business is likely to send mail from a
different IP address than its MX resolves to. Often two different
companies are involved, one for sending mail and another providing
anti-spam services for received mail.

I require the sender to have:

-complementary A/PTR records, the hostname not necessarily bearing any relationship to the Reply-To email address, therefore not the same as
the domain MX record.

-HELO/EHLO to be a hostname resolvable in public DNS, again not
necessarily related to the Reply-To domain.

-HELO/EHLO hostname *not* to be on my own domain, nor my IP address,
it's surprising how many spammers do this.

That's enough to discourage most bots, and I also require either a
response to an ident request (port 113) or not to drop the connection
for 30 seconds if it can't do that. That gets the rest of the bots, as
nobody runs an ident server these days and bots won't wait for 30
seconds, but a proper SMTP server will.

Anything more restrictive than that is counter-productive. I send mail
for currently three domains, and while the PTR specification does allow
for multiple records, I doubt that any software will handle more than
one.

MS wants everyone in the world to use Outlook or webmail. So far, I
haven't run into this problem, probably because nobody I currently send
to is outsourcing to MS. BT does.

--
Joe

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 14/01/2025 21:18, Andy Burns wrote:

Malcolm Loades wrote:

In the original thread it was said that having SPF, DMARC and DKIM
records would solve mail sending problems.

I don't think anyone said they would solve *all* email problems

I have all 3 and they did
for years but suddenly MS for example reject mail solely on the basis
that a rDNS lookup does not match my domain name

is it because it doesn't match, or is it because it includes giveaways
like "dsl" or "home" or "dynamic" in the rDNS?

Either way, amazed you didn't run into that at least a decade ago ...
not all ISPs are so mean that they won't do custom rDNS for static
subnets (e.g. plusnet do).

Uno were my ISP prior to FTTP availability and they did allow custom
DNS. For a little over a year MS didn't reject connections, it's only
in the last 2 months that it's happened.

Malcolm

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 14/01/2025 20:52, Malcolm Loades wrote:

Like almost all ISP's mine wont allow setting my static IP address to
match with my domain.

No. there are good reasons for that.

Thus I've been 'forced' to relay mail via my ISP

Set up your own relay on a VPS. They WILL allow the address to be mapped
to your domain

and lose all the benefits of direct sending such as having a complete
record of the SMTP transaction, the email equivalent of Royal Mail
Signed for Delivery.

'Fraid that isn't the case: delivery to the SMTP target of big mailers
like gmail doesn't mean it got to the recipient at all.

Will get kicked around anti-spam and other multiple servers before it
*may* get delivered

--
"I am inclined to tell the truth and dislike people who lie consistently.
This makes me unfit for the company of people of a Left persuasion, and
all women"

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 14/01/2025 21:51, The Natural Philosopher wrote:

On 14/01/2025 20:52, Malcolm Loades wrote:

Like almost all ISP's mine wont allow setting my static IP address to
match with my domain.

No. there are good reasons for that.

Thus I've been 'forced' to relay mail via my ISP

Set up your own relay on a VPS. They WILL allow the address to be mapped
to your domain

and lose all the benefits of direct sending such as having a complete
record of the SMTP transaction, the email equivalent of Royal Mail
Signed for Delivery.

'Fraid that isn't the case: delivery to the SMTP target of big mailers
like gmail doesn't mean it got to the recipient at all.

Will get kicked around anti-spam and other multiple servers before it
*may* get delivered

That's up to them is they want to redirect incoming mail via other
servers. But isn't it considered in law to have been delivered if
accepted by the registered mailserver? Reading has nothing to do with
it, it's their choice not to open something which has been delivered to
them?

Malcolm

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Malcolm Loades <devnull@loades.net> writes:

suddenly MS for example reject mail solely on the basis that
a rDNS lookup does not match my domain name but my ISP's.

For ages I have enabled this Postfix option

reject_unknown_client_hostname (with Postfix < 2.3:
reject_unknown_client) Reject the request when 1) the client IP
address->name mapping fails, or 2) the name->address mapping
fails, or 3) the name->address mapping does not match the client
IP address.

See this archive of my web site from 2007

https://web.archive.org/web/20070216214727/http://wylie.me.uk/cgi-bin/blosxom.cgi/static/mail-server-hints.html

I'm surprised that MS have taken so long to enforce this.

For my domain the reverse and forward lookups loop:
$ dig +short -x 82.68.155.94
wylie.me.uk.
$ dig +short wylie.me.uk
82.68.155.94

Is your problem that yours don't?

$ dig +short loades.net
77.72.1.18
$ dig +short -x 77.72.1.18
fermi.krystal.co.uk.

Like almost all ISP's mine wont allow setting my static IP address to
match with my domain.

My ISP, Zen, allows me to configure the reverse DNS lookup.

--
Alan J. Wylie https://www.wylie.me.uk/ mailto:<alan@wylie.me.uk>

Dance like no-one's watching. / Encrypt like everyone is.
Security is inversely proportional to convenience

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Malcolm Loades wrote:

In the original thread it was said that having SPF, DMARC and DKIM
records would solve mail sending problems.

I don't think anyone said they would solve *all* email problems

I have all 3 and they did
for years but suddenly MS for example reject mail solely on the basis
that a rDNS lookup does not match my domain name

is it because it doesn't match, or is it because it includes giveaways
like "dsl" or "home" or "dynamic" in the rDNS?

Either way, amazed you didn't run into that at least a decade ago ...
not all ISPs are so mean that they won't do custom rDNS for static
subnets (e.g. plusnet do).

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 14/01/2025 21:18, Andy Burns wrote:

Malcolm Loades wrote:

In the original thread it was said that having SPF, DMARC and DKIM
records would solve mail sending problems.

I don't think anyone said they would solve *all* email problems

I have all 3 and they did for years but suddenly MS for example reject
mail solely on the basis that a rDNS lookup does not match my domain name

is it because it doesn't match, or is it because it includes giveaways
like "dsl" or "home" or "dynamic" in the rDNS?

Either way, amazed you didn't run into that at least a decade ago ...
not all ISPs are so mean that they won't do custom rDNS for static
subnets (e.g. plusnet do).

I have my own domain and send and receive via my domain host (relayed
via my home server, but our PCs/mobile phones could go direct to our
domain host's servers). So my ISP has nothing to do with my email at
all. If I change ISPs, the only change for my email is the general
update of my domain records with my new static IP address.

So far, I am on my 4th ISP, without change to my email setup.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 14 Jan 2025 23:26:01 +0000, SteveW wrote:

On 14/01/2025 21:18, Andy Burns wrote:

Malcolm Loades wrote:

In the original thread it was said that having SPF, DMARC and DKIM
records would solve mail sending problems.

I don't think anyone said they would solve *all* email problems

I have all 3 and they did for years but suddenly MS for example reject
mail solely on the basis that a rDNS lookup does not match my domain
name

is it because it doesn't match, or is it because it includes giveaways
like "dsl" or "home" or "dynamic" in the rDNS?

Either way, amazed you didn't run into that at least a decade ago ...
not all ISPs are so mean that they won't do custom rDNS for static
subnets (e.g. plusnet do).

I have my own domain and send and receive via my domain host (relayed
via my home server, but our PCs/mobile phones could go direct to our
domain host's servers). So my ISP has nothing to do with my email at
all. If I change ISPs, the only change for my email is the general
update of my domain records with my new static IP address.

So far, I am on my 4th ISP, without change to my email setup.

Same here, although I've been with the same ISP for nearly 23 years!

I also run my own DNS for all my domains, and so I keep SPF/DKIM/DMARC up
to date myself.



--
My posts are my copyright and if @diy_forums or Home Owners' Hub
wish to copy them they can pay me £1 a message.
Use the BIG mirror service in the UK: http://www.mirrorservice.org
*lightning surge protection* - a w_tom conductor

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 14/01/2025 22:05, Malcolm Loades wrote:

Will get kicked around anti-spam and other multiple servers before it
*may* get delivered

That's up to them is they want to redirect incoming mail via other
servers.  But isn't it considered in law to have been delivered if
accepted by the registered mailserver?  Reading has nothing to do with
it, it's their choice not to open something which has been delivered to
them?

I know of no such law.

I often get mail delivered out of sequence and it shows up as being held
in internal mail systems for sometimes hours, additionally I know from experience that I have dumped an email into gmails MX server and not
seen it received in the destination mailbox for many minutes.


--
"Fanaticism consists in redoubling your effort when you have
forgotten your aim."

George Santayana

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 15/01/2025 10:38, The Natural Philosopher wrote:

On 14/01/2025 22:05, Malcolm Loades wrote:

Will get kicked around anti-spam and other multiple servers before it
*may* get delivered

That's up to them is they want to redirect incoming mail via other
servers.  But isn't it considered in law to have been delivered if
accepted by the registered mailserver?  Reading has nothing to do with
it, it's their choice not to open something which has been delivered to
them?

I know of no such law.

An email I sent to a defendant against whom I was claiming in the County
Court denied receiving my emails as his defence. I produced the SMTP
log which showed acceptance by the defendant's mailserver of the emails,
the Judge accepted that the emails had been delivered to the defendant
and awarded Judgement in my favour.

Malcolm

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16/01/2025 09:50, Malcolm Loades wrote:

On 15/01/2025 10:38, The Natural Philosopher wrote:

On 14/01/2025 22:05, Malcolm Loades wrote:

Will get kicked around anti-spam and other multiple servers before it
*may* get delivered

That's up to them is they want to redirect incoming mail via other
servers.  But isn't it considered in law to have been delivered if
accepted by the registered mailserver?  Reading has nothing to do with
it, it's their choice not to open something which has been delivered to
them?

I know of no such law.

An email I sent to a defendant against whom I was claiming in the County Court denied receiving my emails as his defence.  I produced the SMTP
log which showed acceptance by the defendant's mailserver of the emails,
the Judge accepted that the emails had been delivered to the defendant
and awarded Judgement in my favour.

Malcolm

That is not a law, that is a fairly shaky legal precedent. weak
circumstantial evidence.

About as unassailable as a picture of a parcel on your doorstep that the drivers mate comes along and removes 3 seconds later.


--
Renewable energy: Expensive solutions that don't work to a problem that
doesn't exist instituted by self legalising protection rackets that
don't protect, masquerading as public servants who don't serve the public.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16 Jan 2025 at 09:50:08 GMT, "Malcolm Loades" <devnull@loades.net> wrote:

On 15/01/2025 10:38, The Natural Philosopher wrote:

On 14/01/2025 22:05, Malcolm Loades wrote:

Will get kicked around anti-spam and other multiple servers before it
*may* get delivered

That's up to them is they want to redirect incoming mail via other
servers. But isn't it considered in law to have been delivered if
accepted by the registered mailserver? Reading has nothing to do with
it, it's their choice not to open something which has been delivered to
them?

I know of no such law.

An email I sent to a defendant against whom I was claiming in the County Court denied receiving my emails as his defence. I produced the SMTP
log which showed acceptance by the defendant's mailserver of the emails,
the Judge accepted that the emails had been delivered to the defendant
and awarded Judgement in my favour.

How did you get hold of that log?

--
"I love the way that Microsoft follows standards. In much the same manner as fish follow migrating caribou."
- Paul Tomblin, ASR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16/01/2025 16:51, Tim Streater wrote:

On 16 Jan 2025 at 09:50:08 GMT, "Malcolm Loades" <devnull@loades.net> wrote:

On 15/01/2025 10:38, The Natural Philosopher wrote:

On 14/01/2025 22:05, Malcolm Loades wrote:

Will get kicked around anti-spam and other multiple servers before it >>>>> *may* get delivered

That's up to them is they want to redirect incoming mail via other
servers. But isn't it considered in law to have been delivered if
accepted by the registered mailserver? Reading has nothing to do with >>>> it, it's their choice not to open something which has been delivered to >>>> them?

I know of no such law.

An email I sent to a defendant against whom I was claiming in the County
Court denied receiving my emails as his defence. I produced the SMTP
log which showed acceptance by the defendant's mailserver of the emails,
the Judge accepted that the emails had been delivered to the defendant
and awarded Judgement in my favour.

How did you get hold of that log?

Would be on his sending machine - presumably a linux local relay. Or a
linux desktop

--
How fortunate for governments that the people they administer don't think.

Adolf Hitler

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16 Jan 2025 at 17:15:49 GMT, "The Natural Philosopher"
<tnp@invalid.invalid> wrote:

On 16/01/2025 16:51, Tim Streater wrote:

On 16 Jan 2025 at 09:50:08 GMT, "Malcolm Loades" <devnull@loades.net> wrote: >>

On 15/01/2025 10:38, The Natural Philosopher wrote:

On 14/01/2025 22:05, Malcolm Loades wrote:

Will get kicked around anti-spam and other multiple servers before it >>>>>> *may* get delivered

That's up to them is they want to redirect incoming mail via other
servers. But isn't it considered in law to have been delivered if
accepted by the registered mailserver? Reading has nothing to do with >>>>> it, it's their choice not to open something which has been delivered to >>>>> them?

I know of no such law.

An email I sent to a defendant against whom I was claiming in the County >>> Court denied receiving my emails as his defence. I produced the SMTP
log which showed acceptance by the defendant's mailserver of the emails, >>> the Judge accepted that the emails had been delivered to the defendant
and awarded Judgement in my favour.

How did you get hold of that log?

Would be on his sending machine - presumably a linux local relay. Or a
linux desktop

Does his not imply he's getting the log either from a mail server he's
running, or that he's got it from the destination user's mail server?

--
Socialism only works in two places: Heaven where they don't need it, and Hell where they already have it.

Ronald Reagan

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16 Jan 2025 18:00:16 GMT
Tim Streater <tim@streater.me.uk> wrote:

On 16 Jan 2025 at 17:15:49 GMT, "The Natural Philosopher" <tnp@invalid.invalid> wrote:

On 16/01/2025 16:51, Tim Streater wrote:

How did you get hold of that log?

Would be on his sending machine - presumably a linux local relay.
Or a linux desktop

Does his not imply he's getting the log either from a mail server he's running, or that he's got it from the destination user's mail server?

Yes, but there would be no point in forging it as the destination log
will have a matching entry which he cannot tamper with, and the owner
of that log would have no interest in also forging the entry.

As it's a legal case, I would expect him to have requested the
destination log, and as long as the owner wasn't a rogue operator like
Yahoo or Google, they could be expected to oblige.

--
Joe

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16/01/2025 18:00, Tim Streater wrote:

On 16 Jan 2025 at 17:15:49 GMT, "The Natural Philosopher" <tnp@invalid.invalid> wrote:

On 16/01/2025 16:51, Tim Streater wrote:

On 16 Jan 2025 at 09:50:08 GMT, "Malcolm Loades" <devnull@loades.net> wrote:

On 15/01/2025 10:38, The Natural Philosopher wrote:

On 14/01/2025 22:05, Malcolm Loades wrote:

Will get kicked around anti-spam and other multiple servers before it >>>>>>> *may* get delivered

That's up to them is they want to redirect incoming mail via other >>>>>> servers. But isn't it considered in law to have been delivered if >>>>>> accepted by the registered mailserver? Reading has nothing to do with >>>>>> it, it's their choice not to open something which has been delivered to >>>>>> them?

I know of no such law.

An email I sent to a defendant against whom I was claiming in the County >>>> Court denied receiving my emails as his defence. I produced the SMTP
log which showed acceptance by the defendant's mailserver of the emails, >>>> the Judge accepted that the emails had been delivered to the defendant >>>> and awarded Judgement in my favour.

How did you get hold of that log?

Would be on his sending machine - presumably a linux local relay. Or a
linux desktop

Does his not imply he's getting the log either from a mail server he's running, or that he's got it from the destination user's mail server?

No.

You cab see in your own logs that the mail transaction completed OK. And
the remote machine said 'OK. I got it'

Doesn't guarantee the far end has read it mind you



--
Karl Marx said religion is the opium of the people.
But Marxism is the crack cocaine.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16 Jan 2025 at 19:12:03 GMT, "Joe" <joe@jretrading.com> wrote:

On 16 Jan 2025 18:00:16 GMT
Tim Streater <tim@streater.me.uk> wrote:

On 16 Jan 2025 at 17:15:49 GMT, "The Natural Philosopher"
<tnp@invalid.invalid> wrote:

On 16/01/2025 16:51, Tim Streater wrote:

How did you get hold of that log?

Would be on his sending machine - presumably a linux local relay.
Or a linux desktop

Does his not imply he's getting the log either from a mail server he's
running, or that he's got it from the destination user's mail server?

Yes, but there would be no point in forging it as the destination log
will have a matching entry which he cannot tamper with, and the owner
of that log would have no interest in also forging the entry.

As it's a legal case, I would expect him to have requested the
destination log, and as long as the owner wasn't a rogue operator like
Yahoo or Google, they could be expected to oblige.

OK. I was just interested in the process.

--
"Hard" and "Soft" Brexit are code words for Leaving or Staying in the EU, rather than for the terms of our departure.

Jacob Rees-Mogg MP

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16 Jan 2025 at 19:59:43 GMT, "The Natural Philosopher"
<tnp@invalid.invalid> wrote:

On 16/01/2025 18:00, Tim Streater wrote:

On 16 Jan 2025 at 17:15:49 GMT, "The Natural Philosopher"
<tnp@invalid.invalid> wrote:

On 16/01/2025 16:51, Tim Streater wrote:

On 16 Jan 2025 at 09:50:08 GMT, "Malcolm Loades" <devnull@loades.net> wrote:

On 15/01/2025 10:38, The Natural Philosopher wrote:

On 14/01/2025 22:05, Malcolm Loades wrote:

Will get kicked around anti-spam and other multiple servers before it >>>>>>>> *may* get delivered

That's up to them is they want to redirect incoming mail via other >>>>>>> servers. But isn't it considered in law to have been delivered if >>>>>>> accepted by the registered mailserver? Reading has nothing to do with >>>>>>> it, it's their choice not to open something which has been delivered to >>>>>>> them?

I know of no such law.

An email I sent to a defendant against whom I was claiming in the County >>>>> Court denied receiving my emails as his defence. I produced the SMTP >>>>> log which showed acceptance by the defendant's mailserver of the emails, >>>>> the Judge accepted that the emails had been delivered to the defendant >>>>> and awarded Judgement in my favour.

How did you get hold of that log?

Would be on his sending machine - presumably a linux local relay. Or a
linux desktop

Does his not imply he's getting the log either from a mail server he's
running, or that he's got it from the destination user's mail server?

No.

You cab see in your own logs that the mail transaction completed OK. And
the remote machine said 'OK. I got it'

Sure, but he could forge his own log. And if the other party (and the judge) were competely non-technical (and would thus not think of getting hold of the corresponding other-end's log), he might get away with it.

Doesn't guarantee the far end has read it mind you

This is also true.

--
The EU Parliament. The only parliament in the world that can neither initiate nor repeal legislation.

Robert Kimbell

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)