FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
27 Oct 2016, 03:51 PM | #1 |
Master of the @
Join Date: Nov 2006
Location: Ghent, Belgium
Posts: 1,027
|
Why marked as spam, although in address book?
A couple of months ago I cleaned out my complete spam folder (to save some space).
Since then, quite some good messages have been arriving in my spam folder, that were previously not. I repeatedly started marking them as "Not spam", but even some months later this didn't help. So, I added some of the sender addresses to my address book, but some still end up in my Spam folder. Why could that be? If I look at the raw content of a message marked as spam (spam score 5.4) I see that the X-Spam-known-sender field says "no" but it /is/ correctly recognized as being in my address book (i.e. in the group "whitelist"). So why is it saying "no" to "known-sender"? The sender address is in my address book as *@<subdomain>.<domain>.com

X-Spam-known-sender: no ("Email failed DMARC policy for domain"), in-addressbook, 10c8717d-4508-4dc9-a564-4880a5854db6 ("whitelist")
X-Spam-score: 5.4 |
27 Oct 2016, 11:37 PM | #2 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
DMARC policy published by domain of From address
As your post shows, that email message failed the DMARC policy published for the domain. DMARC allows the owner of a domain to specify which outgoing SMTP servers are allowed to send messages using their domain in the From address. The purpose is to reduce spam and especially phishing attacks. For example:
https://support.google.com/mail/answer/2451690?hl=en
https://dmarc.org/stats/alexa-top-sites/dmarc/

Yahoo publishes a p=reject DMARC policy for their yahoo.com domain, so if you have a yahoo.com email account and send email using that From address from any server other than those specified by Yahoo, your mail will be rejected by any recipient email system who implements the DMARC rules. If you want to test this, enter the From domain in this tool: https://www.misk.com/tools/#dns/

Microsoft.com specifies p=quarantine, so messages sent from the wrong server will be quarantined by recipient email systems (which is usually the spam folder). Each recipient email system can choose to use the full DMARC recommendations, ignore DMARC, or use some modified policy. In this case, it appears that FastMail has quarantined the message because it was sent from the wrong server. Certain types of forwarding or redirection can also cause this to occur.

Bill |
27 Oct 2016, 11:39 PM | #3 |
Essential Contributor
Join Date: Apr 2008
Posts: 371
|
The note that the email failed the DMARC policy for the domain appears to be the key here. This obviously factors into the spam score, and somehow overrides any whitelisting you may have in place. Without knowing the sending domain and other details, it's not possible to know exactly what DMARC policy is in place that might have triggered this, but assuming that a policy or mail server is correctly configured, it's usually a good sign that the message could be spoofed.
Whether this makes sense or not is open to some debate, but to me it makes sense that if a message fails the DMARC policy for the sending domain a whitelisting based on the sender simply being in your address book wouldn't necessarily be trustworthy, as the sender could be forged. In other words, you may whitelist "bob@gmail.com" but if you're getting an email that says it's from Bob, but didn't actually come through Gmail's servers, you can't be certain it's really from Bob, as opposed to somebody pretending to be Bob. To be fair, this sort of thing actually happens a lot more than you think with the number of malware and phishing emails out there. It seems to have dropped off in recent years as people (and ISPs, and companies like Microsoft) secure their email clients and computers more diligently, but it wasn't uncommon for viruses to propagate themselves through email by extracting information from the address book of somebody you know, finding your name in it, and then sending out emails that appear to be "From" them in the hopes that you'd actually fall for the trap by thinking the message is from somebody you know. |
28 Oct 2016, 03:53 AM | #4 | ||
Master of the @
Join Date: Nov 2006
Location: Ghent, Belgium
Posts: 1,027
|
Thanks for the explanation. I have it for:
nieuwsbrief@info.bol.com (a big Dutch online store)
Return-Path: <nieuwsbrief@info.bol.com>
Quote:
Quote:
I do have to state that my main address is a hotmail address that is forwarded to my fastmail account. |
||
28 Oct 2016, 05:52 AM | #5 |
Essential Contributor
Join Date: Apr 2008
Posts: 371
|
It's your forwarding from Hotmail that's doing you in.
As the headers you've posted show, what's basically happening is this:
In the case of info.bol.com, the SPF record uses "-ALL" which means that the list of servers is authoritative — unless a server is on that list, it is NEVER allowed to send mail from anybody @info.bol.com. Hence you see an outright SPF "FAIL."

LinkedIn uses a slightly more relaxed approach with "~ALL" which means that the list of servers is not authoritative — other servers might be used to send mail from @linkedin.com, so that's an SPF "softfail" and is generally handled less seriously than an outright "fail."

Under normal circumstances, this is a good thing — it's exactly how you want Fastmail to work, as you wouldn't want somebody sending a message to you from "invitations@linkedin.com" if it was really just some guy with a Hotmail address forging a LinkedIn email to phish for your password.

However, for people forwarding mail, this is actually what SRS Rewriting is for (see Fastmail's help on SRS Rewriting — this applies to forwarding messages FROM FastMail TO another service, so it won't solve your problem, but it explains the concept behind it). I doubt that Hotmail supports such a feature, but if it does you could enable that to allow the forwarded messages to be delivered properly to Fastmail and avoid these issues. |
28 Oct 2016, 06:23 AM | #6 |
Cornerstone of the Community
Join Date: Dec 2005
Location: Kars, NB, Canada
Posts: 702
|
Your problem is from the forwarding from Hotmail, as has just been suggested. Both info.bol.com and linkedin.com have DMARC records. DMARC is a facility that allows senders to make a request to a receiving email system as to what to do when the receiving system fails certain verification tests for the authenticity of the sender. Roughly (I may not have all the words right), at least one of the following tests must be met: (1) SPF is tested against the envelope sender ("smtp mailfrom"), it passes, and the domain of the envelope sender is the same as the domain (or subdomain if "relaxed" is allowed) in the visible "From:" field you see in your mail client; or, (2) a DKIM encryption code is evaluated and passes, which shows the message has not been modified, and the domain of the signer of the encryption agrees with the visible "From:" domain.
The DMARC record of info.bol.com asks that failures be put in spam, and linkedin.com asks that failures be rejected entirely (though Fastmail does not do that, but does raise the spam score substantially). In the case of Hotmail (aka outlook.com), SPF cannot succeed, even if the sender is rewritten, since it will not agree with the sender in the "From:". And Hotmail/Outlook.com at the present time modifies the message slightly in a way that results in DKIM failure. This is going to be fixed, but they are having some trouble doing so. See the writeup on the issue by the Microsoft chap who works with these things: Why does my email from Facebook, that I forward from my outlook.com account, get rejected? Particularly, follow the comments to see the current status of the fix. I am eagerly awaiting it myself. |
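Added example (not part of any poster's message, and not FastMail's or any library's code): a simplified model of the two DMARC tests described in posts #5 and #6, run over four constructed delivery paths for a message with From: info.bol.com. The `forwarder.example` domain, the DKIM `d=` value and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Added illustration: simplified DMARC decision, not a full RFC 7489 implementation.
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Assumption: the last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, strict: bool = False) -> bool:
    # Strict alignment needs an exact match; relaxed accepts the same organization.
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class Message:
    from_domain: str      # domain of the visible From: header
    mailfrom_domain: str  # envelope sender ("smtp mailfrom") domain
    spf: str              # SPF result for the connecting server
    dkim_domain: str      # d= domain of the DKIM signature (assumed value)
    dkim: str             # DKIM verification result

def dmarc_pass(m: Message) -> bool:
    spf_ok = m.spf == "pass" and aligned(m.mailfrom_domain, m.from_domain)
    dkim_ok = m.dkim == "pass" and aligned(m.dkim_domain, m.from_domain)
    return spf_ok or dkim_ok  # one aligned pass is enough

def disposition(m: Message, policy: str) -> str:
    # On failure the receiver is asked to apply the domain's published policy.
    return "deliver" if dmarc_pass(m) else policy

F = "info.bol.com"
# Constructed scenarios; results are illustrative, not taken from real headers.
SCENARIOS = {
    "direct": Message(F, F, "pass", F, "pass"),
    "forwarded, body altered": Message(F, F, "fail", F, "fail"),
    "forwarded, sender rewritten": Message(F, "forwarder.example", "pass", F, "fail"),
    "forwarded, body intact": Message(F, F, "fail", F, "pass"),
}

def evaluate_all(policy: str = "quarantine") -> dict:
    return {name: disposition(m, policy) for name, m in SCENARIOS.items()}

if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(f"{name:30} -> {result}")
```

The "sender rewritten" row shows why rewriting the envelope sender alone does not help: SPF passes, but for a domain that no longer matches the From: header, so only an intact DKIM signature carries a forwarded message through.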
28 Oct 2016, 06:34 AM | #7 |
Cornerstone of the Community
Join Date: Dec 2005
Location: Kars, NB, Canada
Posts: 702
|
Conclusion: you need to either wait out the fix, or do something else:
|
28 Oct 2016, 08:22 AM | #8 |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
|
In theory, custom sieve code could be used to resolve the problem completely. It could check for the specific case of "known sender" being ignored for DKIM reasons, and apply a higher threshold for spam in that situation. Bit messy, of course.
|
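Added example (not part of the post above, and not FastMail's code): the decision logic suggested in post #8, written in Python rather than Sieve so it can be run against the headers quoted in post #1. Both thresholds and the function names are assumptions; the header value is the one shown in post #1.

```python
from email import message_from_string

NORMAL_THRESHOLD = 5.0   # assumption: score at which mail is normally filed as spam
RELAXED_THRESHOLD = 8.0  # assumption: higher bar for address-book senders failing DMARC

# Header value as quoted in post #1 of this thread.
PAGE_VALUE = ('no ("Email failed DMARC policy for domain"), in-addressbook, '
              '10c8717d-4508-4dc9-a564-4880a5854db6 ("whitelist")')

def parse_known_sender(value: str) -> dict:
    """Pick out the three facts carried by X-Spam-known-sender."""
    text = value.strip().lower()
    verdict = text.split(None, 1)[0] if text else ""
    return {
        "rejected": verdict == "no",
        "dmarc_failed": "failed dmarc" in text,
        "in_addressbook": "in-addressbook" in text,
    }

def file_into(raw_headers: str) -> str:
    """Return the folder a message would be filed into under the relaxed rule."""
    msg = message_from_string(raw_headers)
    info = parse_known_sender(msg.get("X-Spam-known-sender", ""))
    score = float(msg.get("X-Spam-score", "0"))
    # Relax only when the address-book match was overridden by the DMARC failure.
    overridden = info["rejected"] and info["dmarc_failed"] and info["in_addressbook"]
    threshold = RELAXED_THRESHOLD if overridden else NORMAL_THRESHOLD
    return "Spam" if score >= threshold else "Inbox"

def sample(known_sender: str, score: float) -> str:
    # Builds a constructed header block for testing.
    return f"X-Spam-known-sender: {known_sender}\nX-Spam-score: {score}\n\n"

if __name__ == "__main__":
    print(file_into(sample(PAGE_VALUE, 5.4)))
```

The relaxed bar still files high-scoring mail as Spam, because, as post #3 points out, a DMARC failure on an address-book sender can also mean the sender was forged.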
28 Oct 2016, 11:13 AM | #9 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
Change delivery to FastMail
The ugly truth is that forwarding in this manner just isn't compatible with current techniques for spam prevention. So the best solution is to log into the sources of those emails and change the email address they use to your FastMail address. I also suggest that you use a subdomain address for two reasons:
Bill |
28 Oct 2016, 07:58 PM | #10 |
Master of the @
Join Date: Nov 2006
Location: Ghent, Belgium
Posts: 1,027
|
Thanks (a lot) for all the great answers. Very helpful!
I will look into it in more detail this weekend. |
28 Oct 2016, 09:20 PM | #11 | |
Cornerstone of the Community
Join Date: Dec 2005
Location: Kars, NB, Canada
Posts: 702
|
Quote:
|
|
29 Oct 2016, 06:02 AM | #12 | |
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
Quote:
|
|
29 Oct 2016, 06:29 AM | #13 | |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
Quote:
So it makes no difference which registrar was used for yahoo.com -- any email sent with an address at the yahoo.com domain from any server not listed in their DMARC, SPF, and DKIM mechanisms will be rejected by the recipient email server if they strictly follow DMARC policy for that domain. So as I said, the ugly truth is that automatic forwarding (as it is normally implemented, maintaining the original From address) is not compatible with current techniques of spam prevention. The most secure email transfer is made as follows:
Bill |
|
29 Oct 2016, 03:36 PM | #14 | |
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
Quote:
|
|
31 Oct 2016, 10:23 PM | #15 | |
Essential Contributor
Join Date: Apr 2008
Posts: 371
|
Quote:
|
|