Closed guaka closed 8 years ago
I got quite a few reports about this already as well.
I thought adding dedicated IP would help (instead of free cloud IP we have now), but it turns out with low mail traffic it's more hard to keep reputation good.
Related to slow mails #38
It might be worth implementing dkim on the mail server as well. I could do this if I access to the mail server and its DNS. I had to do this for my own server not long ago.
@CRCulver we're using a gateway (Mandrill) to send all the mails so no problem at that side.
If no dedicated IP from Mandrill, the only option is to try technically/verbally improve the messages we send.
Let's also hope that over the enough time people click "not spam" at Gmail for our messages.
Meanwhile we've got warnings written at all important places.
Oh and SPF/DKIM records are all set and ok.
When I query the DNS information for trustroots.org, I see a TXT-type record for SPF, but none for DKIM.
Huh? Look for TXT record mandrill._domainkey.trustroots.org
or validate it with the tool (enter "mandrill" and "trustroots.org")
When did you add it? Perhaps it hasn't propagated to the couple of DNS servers I queried. Anyway, I guess all is well.
No, DKIM TXT record has been there for months.
Now I realised there's also possibility to add SPF type record (not just TXT). In my understanding TXT type should be enough, but now we've got both. Let's wait and see if this has any affect.
SPF is inside a TXT record.
Where is the DKIM?
I think it's good to remove ?all. That would only allow trustroots.org emails coming from mandrillapp.com.
dig txt trustroots.org|grep spf
trustroots.org. 86388 IN TXT "v=spf1 include:spf.mandrillapp.com ?all"
On Sat, Dec 27, 2014 at 4:42 PM, Mikael Korpela notifications@github.com wrote:
No, SPF TXT record has been there for months.
Now I realised there's also possibility to add SPF type record (not just TXT). In my understanding TXT type should be enough, but now we've got both. Let's wait and see if this has any affect.
— Reply to this email directly or view it on GitHub https://github.com/Trustroots/trustroots/issues/96#issuecomment-68181833 .
DKIM is also inside a TXT record. However, dig -t ANY
on my own domain doesn't show my DKIM, though it shows the SPF, so I guess it is some kind of limitation of dig
, and DKIM is set up fine on the trustroots.org DNS record.
By the way, have you sent an e-mail to check-auth@verifier.port25.com
to see what it reports?
Humm! I just realised no-reply@ doesn't exist currently. @chmac
On the other hand this article suggests we should use something else. Thoughts/experiences?
We're obviously not going to collect no-reply mails anywhere but dev/null anyway. Bounce errors we would get from Nodemailer once we implement them properly.
otherwise, to get around the "marked as spam", use e.g. kasper@tr for a while and forward that to my G inbox, I'll filter and label it and check it once a day, if this improves the spam situation by the end of the month we can move towards noreply@
On Mon, Jan 5, 2015 at 1:42 PM, Mikael Korpela notifications@github.com wrote:
Humm! I just realised no-reply@ doesn't exist currently. @chmac https://github.com/chmac
On the other hand this article http://www.gettingemaildelivered.com/do-not-use-noreply-or-dontreply-as-your-from-return-address-in-email suggests we should use something else. Thoughts/experiences?
We're obviously not going to collect no-reply mails anywhere but dev/null anyway. Bounce errors we would get from Nodemailer once we implement them properly.
— Reply to this email directly or view it on GitHub https://github.com/Trustroots/trustroots/issues/96#issuecomment-68703037 .
@chmac @guaka does that forwarder already exist & can I switch to that right away?
I believe mail hits my mail host. If you want an alias configured and forwarded somewhere, just let me know what @ and where you want it to go...
@chmac: kasper@ —> Kasper's Gmail, thanks. :-)
Why not mikael@ to my mail, too.
Done.
I also added Mikael to the forward for hello@ which I realise wasn't going to you previously. Hope I didn't miss any messages in there assuming you would answer them...
Whoops, realise this issue was not only about creating email aliases.
@chmac I don't think hello@ was written down anywhere publicly earlier anyway?
Looks like kasper@ as "from" address works better for spam stuff compared to noreply@ — interesting!
Let's change it to something more generic one that we'd also keep checking since people seem to sometimes reply mails directly for support. Additionally I'll add support contact more visibly to mails #190
hello@, from@, notification@, or ping@ — what do you think?
I don't get that many emails, I'm totally fine with average of less than 1 per week.
I like hello@
@chmac, hello@ is forwarded for us three?
"Unsubscribe kasper@trustroots.org from LinkedIn invitation reminders?" yes! :)
Just changed hello@ to reach all 3 of us. Going to be tricky to track how we reply. Maybe worth one of those online ticket type things? Or a single gmail account that we all log into from? Or we always CC the hello@ address when we reply? Or we solve the problem when we have it? :-)
with hitchwiki we cc contact@ most of the time, has worked well enough the past years :)
On Tue, Feb 17, 2015 at 4:56 PM, Callum Macdonald notifications@github.com wrote:
Just changed hello@ to reach all 3 of us. Going to be tricky to track how we reply. Maybe worth one of those online ticket type things? Or a single gmail account that we all log into from? Or we always CC the hello@ address when we reply? Or we solve the problem when we have it? :-)
— Reply to this email directly or view it on GitHub https://github.com/Trustroots/trustroots/issues/96#issuecomment-74691060 .
I changed from-address to "hello" at production.
Yep, CC'ing works fine.
In any case you can expect me to be able to solve most of the support mails (they often need checking something from the DB), so you can wait for a few hours before replying them. Support mails from WP come now only to me.
I want to install some support/ticket thingy anyway just because it'd be so much easier to follow easier which mails I have replied and to have some basic reply templates at handy etc. #106
http://mxtoolbox.com/domain/trustroots.org/?source=findmonitors now gives:
Hostname has returned a SPF Record that has been deprecated
The use of alternative DNS RR types that was formerly supported during the experimental phase of SPF was discontinued in 2014. SPF records must now only be published as a DNS TXT (type 16) Resource Record (RR) [RFC1035]. See RFC7208 for further detail on this change.
According to RFC 7208 Section 3.1: During the period when SPF was in development, requirements for assigning a new DNS RR type were more stringent than they are today and support for the deployment of new DNS RR types was not deployed in DNS servers and provisioning systems. The end result was that developers of SPF discovered it was easier and more practical to follow the TXT RR type for SPF.
I'll look into it today.
I think the problem is that both of these commands return the same, but the second one should not return anything, as SPF as a type of records has been deprecated. So instead of having types like MX, and SPF, and TXT, it's now just TXT which contains an SPF string.
➜ ~ dig +short txt trustroots.org
"v=spf1 include:spf.mandrillapp.com ?all"
➜ ~ dig +short txt trustroots.org
"v=spf1 include:spf.mandrillapp.com ?all"
I guess the solution is just to remove the type=SPF record from the DNS server. Not sure who controls DNS though, maybe @guaka ?
@chmac I removed type=SPF
record now (and left type=TXT containing SPF record), thanks!
— to check at some point; https://sendgrid.com/blog/5-ways-check-sending-reputation/
happened to Erga
looks fine:
trustroots.org. 86400 IN TXT "v=spf1 include:spf.mandrillapp.com ?all"
to do: