Opened 6 years ago

Closed 6 years ago

#6314 closed Task/To do item (fixed)

sign up for feedback loops from major e-mail providers?

Reported by: https://id.mayfirst.org/dkg Owned by: https://id.mayfirst.org/jamie
Priority: High Component: Tech
Keywords: email delivery feedback-loop email-deliverability Cc:
Sensitive: no

Description

i stumbled across a collection of "feedback loop" information for major e-mail providers.

a feedback loop is a way to get information when someone from one of the providers has marked a message as spam.

It would provide us with an advance-warning notice if an account is compromised.

One thought would be to sign up for several of these to a specific/shared inbox, and then have some sort of shiftwork duty to monitor them and take appropriate action.

Change History (11)

comment:1 Changed 6 years ago by https://id.mayfirst.org/ross

  • Keywords email added; e-mail removed
  • Owner set to https://id.mayfirst.org/jamie
  • Status changed from new to assigned

comment:2 Changed 6 years ago by https://id.mayfirst.org/dkg

email-deliverability-status suggests that several of these feedback loops have been registered. However, it lists the feedback loops by corporate name, and supplies no information about where the feedback reports go, or how they're being monitored. more info would be helpful!

comment:3 Changed 6 years ago by https://id.mayfirst.org/jamie

This task is definitely in progress... that page is more of a place holder with notes than a reflection of what has already happened. I expect to have a good chunk of time this weekend to work on it and will give a more complete report back when I'm done.

comment:4 Changed 6 years ago by https://id.mayfirst.org/jamie

  • Priority changed from Medium to High

comment:5 Changed 6 years ago by https://id.mayfirst.org/jamie

  • Priority changed from High to Medium

This is may be an on-going project. I've updated the status page with more information about what is setup. On this first pass I've only worked on the IP addresses of our bulk mail servers. After going through just those IP addresses, I'm having doubts as to the impact of this strategy. None of the forms allowed me to login or otherwise easily manage our entries to add or remove IP addresses. I didn't bother with usa.net and Tucows because their forms seemed to be re-branded versions of Return Path (which I already filled out for Comcast and Roadrunner.

I think to fully get the benefit described in this ticket we would want to submit all IP addresses under our control and somehow manage to keep them up to date. Just thinking of that makes me reach for a pot of coffee.

I'm de-prioritizing for now, open to thoughts on how to proceed.

comment:6 Changed 6 years ago by https://id.mayfirst.org/obnoxious

Email deliverability is tough, especially with certain ESPs. Yahoo SMTP 421's a lot of mail, and Comcast does extremely agressive spam filtering. Hotmail can also be an agressive blocker. At least that's been my experience.

In some cases, having an SPF record can be a big help. For example, you could set up a `generic' mayfirst.org SPF record, which member organizations could `include' in their SPF records.

DKIM is also helpful, but it's a lot more work to set up. SPF is pretty easy to put together.

And yeah, Returnpath hosts FBLs for a lot of small ESPs. (For a fee, Returnpath will monitor your FBL notifications and do ESP remediation :)

comment:7 Changed 6 years ago by https://id.mayfirst.org/obnoxious

Ross notes that comment 6 could benefit from acronym definitions:

SPF = Sender policy framework

ESP = email service provider

FBL = feedback loop

comment:8 Changed 6 years ago by https://id.mayfirst.org/dkg

i'm pretty wary of the SPF model itself. Non-strict records aren't helpful in actually blocking spam, and strict records seems to to fall apart in some common mailing list cases (e.g.), as well as failing in some other forms of mail bouncing and redirection.

That said, if you think a non-strict SPF record would reduce the number of deliverability issues we have to deal with, i wouldn't try to stop someone from implementing it :) Maybe open that up as a separate ticket if you think it's worth pursuing?

comment:9 Changed 6 years ago by https://id.mayfirst.org/jamie

  • Priority changed from Medium to High

comment:10 Changed 6 years ago by https://id.mayfirst.org/jamie

  • Keywords email-deliverability added

comment:11 Changed 6 years ago by https://id.mayfirst.org/jamie

  • Resolution set to fixed
  • Status changed from assigned to closed
  • Summary changed from sign up for (and monitor) feedback loops from major e-mail providers? to sign up for feedback loops from major e-mail providers?

I'm breaking off the monitor part into a new ticket #6619 and closing this ticket (and I agree with dkg - adding SPF or other things should be handled in a different ticket). Maintaining feedback loops is an ongoing project, however, I think we've taken the first step.

Once we get a monitoring system in place and can generate some reports on the monitoring we may want to open a new ticket to review.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.