Hey, didn’t know where to put this but the expiry emails have been going straight to my junk folder. I marked the emails as safe but just wanted to let you know in case it’s a widespread issue. The email provider is Gmail in my case.
Cheers,
Ale
Hey, didn’t know where to put this but the expiry emails have been going straight to my junk folder. I marked the emails as safe but just wanted to let you know in case it’s a widespread issue. The email provider is Gmail in my case.
Cheers,
Ale
For @lestaff s information, these are the SpamAssassin tests my recent (13-10) notification I was getting:
BAYES_00=-1.9
DKIM_INVALID=0.1
DKIM_SIGNED=0.1
HEADER_FROM_DIFFERENT_DOMAINS=0.25
RCVD_IN_BL_SPAMCOP_NET=1.347
RCVD_IN_DNSWL_NONE=-0.0001
It also has two DKIM signatures. One with d=mandrillapp.com
and one with d=letsencrypt.org
. Apparently, my SpamAssassin things something is wrong with the DKIM signature or signatures.
For extra precautions, Let’s Encrypt might also want to implement DMARC, and change the envelope address from mandrillapp.com to a let’s encrypt return path.
@aaaleee We’re continuing to monitor our email statistics, but there’s nothing out of the ordinary from what’s being reported by Mandrill. According to MX Toolbox, we have a clean bill of health.
@Osiris The Mandrill DKIM/SPF validator states we have a valid configuration. Testing with http://dkimvalidator.com/ also gave back favorable results.
@stevenzhu We’re discussing the return-path address internally and will also be deploying DMARC in monitoring mode.
I'm not sure if that works, searching for the IP address behind the MX record for letsencrypt.org
, when the e-mails are being sent through mandrillapp.com (in my case mail179-17.suw41.mandrillapp.com
):
We notice you are on a blacklist.
Well, that site is a little contradictory: the top test says my DKIM signature is valid but at the same time, the SpamAssassin of that site (on the bottom of the tests) says the DKIM signature is invalid
So perhaps it's a problem with SAs DKIM validation in general.. Both dkimvalidator.com
as my own SA mark a valid DKIM signature as invalid..
Here's the response I got from dkimvalidator.org
SpamAssassin Score: -0.161
Message is NOT marked as spam
Points breakdown:
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.210.54 listed in list.dnswl.org]
0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.210.54 listed in wl.mailspike.net]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
-0.1 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender
Regarding MX Toolbox, I did not see letsencrypt.org on any blacklists. However, https://www.ultratools.com/tools/spamDBLookupResult states that Google IP 172.217.197.27
is on several of the SORBS blacklists.
Doing some digging inside of SORBS, we had 5 spam hits on SORBS lists back on August 31, 2018. Afaict, those entries have since expired.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.