Re: Major issues in my group, spoofed or something internal in IO??? Help please.


 

Thanks Shal. That's more or less what I understood from the discussion, without
being sure in the case of SPF and DKIM. I knew about DMARC from discussions
here and on Beta, and had taken action about that on my own web site (now
temporarily closed until I find a new host), where visitors could send emails
to other people direct from the site. For that I put a DMARC-valid address in
the "From" field and the sender's only in the "Reply to" field, which seemed to
work. That was quite a long time ago now. Mark's problem is of course rather
different and not so easily solved.

Jim

On 18 Aug 2018 at 16:45, Shal Farley wrote:

Jim,

> Some of my confusion comes from your reference to "talktalk servers".

They came up because the IP address that delivered your message to
Groups.io belonged to them.

> My ISP, through which I send emails, is Talktalk Residential (who use
> the talktalk.net domain).

That's the one I was referring to.

> In addition, I had not heard of either SPF or DKIM before and I'm not
> sure of the significance of either of them.

They are email authentication standards. Plus a newer one, DMARC, which
is built on those two. Most receiving services take one or more of these
tests into account when deciding whether to deliver a message to your
inbox or to your spam folder, or not at all (reject, aka "bounce" it).

> ... but since everything is working fine (and has been for 22 years
> now) I'm not proposing to make any immediate changes.

Most receiving services will make allowances for the fact that not every
legit sender uses these newer (newer than email itself anyway) standards
that have been put in place to stem the tide of viruses, robo-spam and
other abuses. Groups.io, for example, doesn't currently use those tests
on inbound messages - which left the door open to the abuse the OP
(Gilly) suffered.

So Mark is currently trying to work out how to tighten up the inbound
security, without impacting legitimate traditional use cases such as
yours. My fingers are crossed that he'll be able to do something that is
effective but low- or no-impact for use cases like yours.

Shal
--
http://jimellame.tumblr.com - My thoughts on freedom (needs updating)
http://jimella.wordpress.com - political snippets, especially economic policy
http://jimella.livejournal.com - misc. snippets, some political, some not
Forget Google! I search with https://duckduckgo.com which doesn't spy on you

Join GroupManagersForum@groups.io to automatically receive all group messages.