Request for CSV support to aid deliverability.

elvey · 24th August 2005, 06:08 AM

J&R: Please consider adding records like this to your DNS servers.

If you have any questions about these, please do ask, but please look over http://wiki.fastmail.fm/index.php/Ce...ver_Validation first.

CSV doesn't have any of the risk of false positives due to forwarding that SPF has.

Code:

;Authorize use of outn.smtp.messagingengine.com in HELOs (http://mipassoc.org/csv/csa-finch.html)
;Don't say that other machines can't use other smtp.messagingengine.com HELOs.
_client._smtp.out1.smtp.messagingengine.com.    SRV 1 2 0 out1.smtp.messagingengine.com.
_client._smtp.out2.smtp.messagingengine.com.    SRV 1 2 0 out2.smtp.messagingengine.com.
_client._smtp.out3.smtp.messagingengine.com.    SRV 1 2 0 out3.smtp.messagingengine.com.
_client._smtp.out4.smtp.messagingengine.com.    SRV 1 2 0 out4.smtp.messagingengine.com.
_client._smtp.out5.smtp.messagingengine.com.    SRV 1 2 0 out5.smtp.messagingengine.com.
;Or if you prefer: Do say that other machines can't use other smtp.messagingengine.com HELOs.
;Uncomment these instead:
;_client._smtp.out1.smtp.messagingengine.com.   SRV 1 2 1 out1.smtp.messagingengine.com.
;_client._smtp.out2.smtp.messagingengine.com.   SRV 1 2 1 out2.smtp.messagingengine.com.
;_client._smtp.out3.smtp.messagingengine.com.   SRV 1 2 1 out3.smtp.messagingengine.com.
;_client._smtp.out4.smtp.messagingengine.com.   SRV 1 2 1 out4.smtp.messagingengine.com.
;_client._smtp.out5.smtp.messagingengine.com.   SRV 1 2 1 out5.smtp.messagingengine.com.

brong · 29th August 2005, 08:50 AM

You know that list of reasons why a proposed spam control technique is stupid - I can't see this ticking any of them! It does seem a very sensible idea.

I've just installed it for my own domain (brong.net) and the other DNS I host there (none of which should be sending through any other server...)

_client._smtp IN SRV 1 1 1 brong.net
_client._smtp.paragon IN SRV 1 2 1 paragon.brong.net

It's really that easy

I suspect we'll be going the 1 2 1 route and adding the other servers (mx1-4 and ext1) as well, but I'll chat to Jeremy and Rob about it today. We can also put in 1 1 1 records for every other domain we own, since they should never be used for SMTP EHLO. Of course we can't really do anything for customer owned domains since they might be using their own hosts.

JRobert · 29th August 2005, 10:24 PM

I think something cool just took place, but I'm not sure what it is. Could one of you summarize it in a paragraph or two for someone with at very limited to no knowledge of the network-level details of mail routing? Thanks!

-jeff-

brong · 30th August 2005, 12:27 AM

There are three pieces of information on the so called "envelope" of an email message - the pieces of information that mail transfer agents use to decide where to shuffle data.

1) Sending server (HELO/EHLO)
2) Sender email (MAIL FROM)
3) Recipient email (RCPT TO) - possibly multiple

Most anti-spam techniques have concentrated on verifying (2) or (3) above. This one addresses (1) instead.

Only the owner of a domain can publish DNS records for that domain, so by publishing the records Elvey has suggested above, we are asserting that the only "sending servers" for our domain are the ones listed. Any other server which claims to be "something.messagingengine.com" is then known to be fake, and hence mail from it can be safely discarded.

Further, we can generate records for fastmail.fm, eml.cc, etc - in which we say that there are NO servers which send mail called "something.fastmail.fm". All email for those domains comes from out{n}.smtp.messagingengine.com or from ISP servers which have their own domains.

Does that help at all?

Bron.

elvey · 30th August 2005, 02:40 AM

Quote:

Originally posted by JRobert
I think something cool just took place, but I'm not sure what it is. Could one of you summarize it in a paragraph or two for someone with at very limited to no knowledge of the network-level details of mail routing? Thanks!

-jeff-

Sure; read the first section of the url (http://wiki.fastmail.fm/index.php/Ce...ver_Validation) in my original post. Your question suggests it's aimed right at your level.

There are links in there to other descriptions ( more and less technical ) as well.

JRobert · 30th August 2005, 02:45 AM

Thank you, both. That's just the kind of overview I was looking for.

-jeff-

hadaso · 30th August 2005, 05:28 AM

Quote:

Originally posted by brong
... Of course we can't really do anything for customer owned domains since they might be using their own hosts.

But you can let customers that host their domains including DNS with MessagingEngine opt to have such DNS records (and others). Like choose to have a record stating they have no host, or stating they have one and its address. (Perhaps FastCommand can be used for such things. I added "Manage DNS" to the FastCommand suggestions on the wiki).

Jeremy Howard · 30th August 2005, 08:52 AM

I'm nearly convinced that this is a Good Idea. I like the fact that it uses SRV records in such a nice way. It doesn't assume that everyone switches to it immediately. It doesn't seem to break any existing email processes.

elvey · 30th August 2005, 05:56 PM

Whatever reasons you think it might not work, I want to hear them, at least if they're ones I haven't heard before. Like crypto algorithms, these algorithms need to be worked over. I won't be able to respond for a week tho.

elvey · 9th September 2005, 04:42 AM

Well, spam volumes keep going up. I'm frequently dealing with users who encounter false positives. No questions? Any concerns you'd care to air? The DNA part needs to come together still.

Jeremy Howard · 9th September 2005, 08:52 AM

My only outstanding questions are how the DNAs work. I can't see any downsides to providing CSV records. For them to actually provide benefit however they would need to be widely used, and some effective DNAs would be required (with our mail volume, we could probably be a DNA ourselves I guess...)

MZRascoff · 15th September 2005, 01:21 AM

I use a forged "from" line on my Fastmail email, a forwarding address that sends mail on FM. Will CSV mean my mail will be rejected as spam?

Matthew

Jeremy Howard · 15th September 2005, 07:13 AM

Quote:

Originally posted by MZRascoff
I use a forged "from" line on my Fastmail email, a forwarding address that sends mail on FM. Will CSV mean my mail will be rejected as spam?

No, it won't. CSV works with the 'HELO' command, not the "MAIL FROM" command or the "From:" header.

elvey · 1st November 2005, 08:32 AM

BTW, we added CSV records for a mail server 2 weeks ago and have had no issues. (It sends about 5,000 emails a day, far less than FM.)

brong · 1st November 2005, 10:42 AM

I shall consider myself prodded, and have up-prioritised this thread in my jobs list!

29th August 2005, 08:50 AM	#2
brong The "e" in e-mail Join Date: Jul 2004 Location: Oslo, Norway Posts: 2,380 Representative of: Fastmail.fm	Re: Request for CSV support to aid deliverability. You know that list of reasons why a proposed spam control technique is stupid - I can't see this ticking any of them! It does seem a very sensible idea. I've just installed it for my own domain (brong.net) and the other DNS I host there (none of which should be sending through any other server...) _client._smtp IN SRV 1 1 1 brong.net _client._smtp.paragon IN SRV 1 2 1 paragon.brong.net It's really that easy I suspect we'll be going the 1 2 1 route and adding the other servers (mx1-4 and ext1) as well, but I'll chat to Jeremy and Rob about it today. We can also put in 1 1 1 records for every other domain we own, since they should never be used for SMTP EHLO. Of course we can't really do anything for customer owned domains since they might be using their own hosts.

29th August 2005, 10:24 PM	#3
JRobert Master of the @ Join Date: Feb 2004 Location: New Hampshire, USA Posts: 1,562	I think something cool just took place, but I'm not sure what it is. Could one of you summarize it in a paragraph or two for someone with at very limited to no knowledge of the network-level details of mail routing? Thanks! -jeff-

30th August 2005, 12:27 AM	#4
brong The "e" in e-mail Join Date: Jul 2004 Location: Oslo, Norway Posts: 2,380 Representative of: Fastmail.fm	There are three pieces of information on the so called "envelope" of an email message - the pieces of information that mail transfer agents use to decide where to shuffle data. 1) Sending server (HELO/EHLO) 2) Sender email (MAIL FROM) 3) Recipient email (RCPT TO) - possibly multiple Most anti-spam techniques have concentrated on verifying (2) or (3) above. This one addresses (1) instead. Only the owner of a domain can publish DNS records for that domain, so by publishing the records Elvey has suggested above, we are asserting that the only "sending servers" for our domain are the ones listed. Any other server which claims to be "something.messagingengine.com" is then known to be fake, and hence mail from it can be safely discarded. Further, we can generate records for fastmail.fm, eml.cc, etc - in which we say that there are NO servers which send mail called "something.fastmail.fm". All email for those domains comes from out{n}.smtp.messagingengine.com or from ISP servers which have their own domains. Does that help at all? Bron.

30th August 2005, 02:45 AM	#6
JRobert Master of the @ Join Date: Feb 2004 Location: New Hampshire, USA Posts: 1,562	Thank you, both. That's just the kind of overview I was looking for. -jeff-

30th August 2005, 08:52 AM	#8
Jeremy Howard Ultimate Contributor Join Date: Sep 2001 Location: Australia Posts: 11,499	I'm nearly convinced that this is a Good Idea. I like the fact that it uses SRV records in such a nice way. It doesn't assume that everyone switches to it immediately. It doesn't seem to break any existing email processes.

30th August 2005, 05:56 PM	#9
elvey The "e" in e-mail Join Date: Jan 2002 Location: San Francisco Posts: 2,328	Whatever reasons you think it might not work, I want to hear them, at least if they're ones I haven't heard before. Like crypto algorithms, these algorithms need to be worked over. I won't be able to respond for a week tho.

9th September 2005, 04:42 AM	#10
elvey The "e" in e-mail Join Date: Jan 2002 Location: San Francisco Posts: 2,328	Well, spam volumes keep going up. I'm frequently dealing with users who encounter false positives. No questions? Any concerns you'd care to air? The DNA part needs to come together still.

9th September 2005, 08:52 AM	#11
Jeremy Howard Ultimate Contributor Join Date: Sep 2001 Location: Australia Posts: 11,499	My only outstanding questions are how the DNAs work. I can't see any downsides to providing CSV records. For them to actually provide benefit however they would need to be widely used, and some effective DNAs would be required (with our mail volume, we could probably be a DNA ourselves I guess...)

15th September 2005, 01:21 AM	#12
MZRascoff Essential Contributor Join Date: Sep 2002 Location: New York Posts: 249	I use a forged "from" line on my Fastmail email, a forwarding address that sends mail on FM. Will CSV mean my mail will be rejected as spam? Matthew

1st November 2005, 08:32 AM	#14
elvey The "e" in e-mail Join Date: Jan 2002 Location: San Francisco Posts: 2,328	BTW, we added CSV records for a mail server 2 weeks ago and have had no issues. (It sends about 5,000 emails a day, far less than FM.)

1st November 2005, 10:42 AM	#15
brong The "e" in e-mail Join Date: Jul 2004 Location: Oslo, Norway Posts: 2,380 Representative of: Fastmail.fm	I shall consider myself prodded, and have up-prioritised this thread in my jobs list!