Less than 1% of My Incoming Email is Legit (Page 2/2)
Cliff Pennock MAY 11, 05:00 AM
MXToolbox misinterprets some parts of the header. For example, it uses 127.0.0.1 (localhost) as the sending IP address for SPF checks. This IP shows up in the header because, on my and most other mail servers, outgoing mail is first passed through a local virus scanner or content filter (like Amavis, SpamAssassin, or ClamAV) before being handed off to the outbound MTA that actually delivers the mail to the internet. That handoff is logged in the header with 127.0.0.1, since both the scanner and MTA are running on the same machine.

MXToolbox then takes that localhost IP and tries to do an SPF check against it - which of course fails, because no one includes 127.0.0.1 in their SPF records. But that was never the real sending IP in the first place. A proper SPF check should use the public IP address of the server that actually transmitted the message - and that server is also present in the headers. Most other SPF/DKIM checkers (and mail clients) understand this and use the correct IP. MXToolbox doesn’t always do that (if ever), leading to false SPF failures.

DKIM failures can also be incorrectly reported. If the content or headers were slightly modified by a spam filter or virus scanner (even something as minor as extra whitespace) at the receiving end, the DKIM signature can appear broken - even though it was valid when originally sent and received.
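The hop selection described in the post above, as an added example (not part of the original thread and not any checker's actual code): walk the `Received` headers newest-first, skip same-host and internal handoffs such as `127.0.0.1`, and take the first external address as the SPF client IP. The sample headers, hostnames, the function name `spf_client_ip` and the internal-range list are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers; hostnames and 203.0.113.25 are documentation values.
SAMPLE = (
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby mx.receiver.example (Postfix) with ESMTP id AAA111;\n"
    "\tMon, 01 Jan 2024 00:00:03 +0000\n"
    "Received: from mail.sender.example (mail.sender.example [203.0.113.25])\n"
    "\tby mx.receiver.example (Postfix) with ESMTPS id BBB222;\n"
    "\tMon, 01 Jan 2024 00:00:02 +0000\n"
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby mail.sender.example (Postfix) with ESMTP id CCC333;\n"
    "\tMon, 01 Jan 2024 00:00:01 +0000\n"
    "From: alice@sender.example\n"
    "Subject: constructed test\n"
    "\n"
    "body\n"
)

# Loopback, RFC 1918, link-local and unique-local ranges: same-host or
# internal handoffs (content filter <-> MTA), never the SMTP client seen by SPF.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def spf_client_ip(raw_message):
    """Walk Received headers newest-first; return (ip, skipped_internal_hops)."""
    skipped = []
    for hop in message_from_string(raw_message).get_all("Received", []):
        match = BRACKETED_IP.search(hop)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # bracketed text that is not an address
        if any(ip in net for net in INTERNAL_NETS):
            skipped.append(str(ip))  # scanner/filter handoff on the same host
            continue
        # First external hop from the top: recorded by the receiving MTA,
        # assuming everything above it was added by the receiver's own hosts.
        return str(ip), skipped
    return None, skipped
```

Headers below the returned hop were supplied by the sending side and can be forged, so they are not used for the SPF decision.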
NewDustin MAY 12, 12:35 PM
That seems likely, though I'm still confused why Outlook would mark it as Spam based on their Spam filtering modifying the DKIM when it doesn't appear to be doing that on all messages. I'm guessing it was something unrelated?

Was I wrong about you using SpamAssassin as well?
82-T/A [At Work] SEP 06, 12:25 PM
Just wanted to add to this, as it came up when I was searching for something.

I've had the same issue recently as well... it's gotten progressively worse.


I have a BellSouth (old Yahoo account) and a Gmail e-mail. The BellSouth one gets hacked almost monthly. Basically, I get a notification from my Outlook 365 that it can't log in, and someone has magically created a new email key in Yahoo, and changed my password. The only reason I can get in is because it's set to two-factor authentication to change the phone number or something. I don't care because I only keep that e-mail around because once in a blue moon someone reaches out to me on it, and some old forums use it. I'm not concerned. But I get close to 400 e-mails a day, usually only 1 is something I've actually asked for.

My Gmail has also recently become the same thing... and it largely has to do with the prevalence of how using that e-mail for everything has caused it to be shared from company to company. It just sucks.

I also have an old land-line that I've converted to VOIP (back in 2011 when I left South Florida the first time), and I get at least 5-6 calls on it all day. Maybe one out of a week is someone I intend to talk to, otherwise it's just people wanting to buy my land, or asking for donations for something... or actual scam calls.


It's the world we live in today... it's frustrating.