Upcoming Mail System Changes: Mail Gateway

[gtgeorge]

Quote:

Originally Posted by Popi91

Yes I did.

I have had this account for almost two years and this is the first time it has been blacklisted.

Which server are you on? And congratulations with your luck of not being on the same servers as spammers or users that forward their domain emails to their AOL etc accounts and report them as spam when they arrive.

[outshine]

Yeah, no kidding! I've been getting blacklisted once a month for the past year or so.

I'm in the same boat as everyone else, I really like Host Gator and don't want to leave, but this is costing me business and I feel like they are dragging their feet a bit. It seems like if their email was becoming useless for a couple of days every month they'd be a bit more proactive about fixing it.

[punkandp]

The mail issue is a hard one, I am sure that part of it has to do with how other ISP's react. Things like blacklisting are the unfortunate product of customers flipping out if they see even one piece of spam.

While I personally don't care for spam I realize that no matter what, it will exist. I don't even use a spam filter just because a crucial wholesale email COULD show up as a false positive which is just not worth it.

By the way, HG had my SSL certificate installed 3-4 hours after I bought it, kickass serivce, I really wanna stay.

[BAMBAM]

Is there anything on this new mail gateway that would cause me to not receive e-mail from some servers any more?

Since 17th sept I noticed I no longer receive emails from a particular mailing list. Changed the subscribed email to my hotmail address and they come through again. Since I dont have any spam filters enabled and there is no notification that the email delivery was even attempted, obviously the worry is what other emails I may not be not receiving.

[chaloupe]

I don't have full details on how the gateway is working but it is use only for sending out so in other word, just for mail that is going out of HG servers and not coming in. Again, GatorDaveC could correct me if this is not the case.

We didn't receive any notice that the gateway was also install and in action at this point but with the issue you have, it worth to try a few things like checking your spam box, if the email your are receiving is whitelisted in your account ( if you use some type of application to block emails not wanted )

Also do you use only the webmail interace to check your email or like Outlook / Thunderbird. Outlook or Thunderbird has some Junk and spam policies that you can set so maybe it goes directly to your delete file folder.

I hope you get it sort out!

Best Regards,

[codesight]

Can we get an update on this?

People are reporting it's in use.

[Eifel]

When are the SPF records going to get updated please?

[nystagmus]

Well, I just had someone on livechat confirm it for me. Yay! What I don't understand is why HG haven't put a notice up or anything. For me, this is a big plus and as it seems to be working, has removed my inkling to mve away.

[Pazeh]

if server IPs can be rotated, why not give shared/resellers their own IP (surely with extra charge) that they can send their emails from too ?

I mean I would gladly pay 2$/month for an IP that my site will use for SSL n mail. If that IP is blacklisted, then its the responsibility of the IP owner (shared / reseller)

I think this is very useful and important specially for the resellers like me.

[gtgeorge]

Quote:

Originally Posted by Pazeh

if server IPs can be rotated, why not give shared/resellers their own IP (surely with extra charge) that they can send their emails from too ?

I mean I would gladly pay 2$/month for an IP that my site will use for SSL n mail. If that IP is blacklisted, then its the responsibility of the IP owner (shared / reseller)

I think this is very useful and important specially for the resellers like me.

Because they would have to install a mailserver on every ip that they give out?

[Ali Ahmed]

thanks .........

ampress!!!

[GatorDaveC]

The mail gateways are pretty much done at the moment. I have all of the Shared boxes running on it, and just finished setting up the SPF records.

Most of the plugins were hand written so if there are any issues, I should be able to correct them pretty quickly.

The gateway system is distributed over 3 servers that have identical setups. I plan on getting 2 more servers in the next few days so we can load the reseller servers on the gateway system.

We are actually able to squeeze all of our shared servers on 1 server, but doing that would be too risky if there was any type of failure.

Anyway, I'm going to bed.. I'll be updating this post in a day or two with the reseller progress.

[kmaw]

I'm sure that update will make some people feel better....

[MikeC]

Quote:

Originally Posted by kmaw

I'm sure that update will make some people feel better....

.... and resellers with SPF records as nervous as a cat in a room full of rocking chairs.....

[GatorDaveC]

Quote:

Originally Posted by MikeC

.... and resellers with SPF records nervous.....

Any custom SPF records will be left the way they are. The only SPF's we are going to change are our default ones that we use.

[MikeC]

Quote:

Originally Posted by GatorDaveC

Any custom SPF records will be left the way they are. The only SPF's we are going to change are our default ones that we use.

And that will cause a problem when you force those reseller domains over to the mail server cluster for outbound mail processing and those custom SPF records have not been changed. At that point all outside servers receiving that mail and doing SPF checks will begin refusing delivery of that mail, if they're honoring those 'custom' SPF records.

Now that can be easily avoided if you'll give us sufficient detailed information about the cluster so that we can update our custom SPF records in advance of the switch. Then we can include the server cluster in our custom SPF records BEFORE the switch and all will be transparent at the time of the switch. A proactive approach instead of a reactive one, PLEASE!!!!!!!

For example, if you could provide us an SPF domain include for our SPF records, we could then simply add that into our custom SPF records and we'd be set. Also remember that resellers don't want to be obviously tied back to our providers as far as the outside world is concerned. So those includes and their internal references should be as transparent as possible. They should also have no entries that will require DNS servicing, if at all possible, since the SPF standard does have a limit of how many DNS lookups are to occur from an SPF record processing and we may already be at or near that limit. The include itself will add one DNS call by itself.

So as I typed all this I looked and there is an SPF record for websitewelcome.com that shows:

"v=spf1 a mx a:gateway01.websitewelcome.com a:gateway02.websitewelcome.com a:gateway03.websitewelcome.com"

Is that the correct reflection of the new cluster for resellers? (More DNS services than I'd hoped for but I have seen worse ones...)

If so then resellers that have custom SPF records need to be told this in advance of the switch so that they can make their updates before the switch.

Mike

[GatorDaveC]

The current SPF records are "v=spf1 a mx a:gateway01.websitewelcome.com a:gateway02.websitewelcome.com a:gateway03.websitewelcome.com a:gateway04.websitewelcome.com a:gateway05.websitewelcome.com a:gateway06.websitewelcome.com".

You may use "include:websitewelcome.com" to attach your SPF records to our updated list.

[MikeC]

Quote:

Originally Posted by GatorDaveC

The current SPF records are "v=spf1 a mx a:gateway01.websitewelcome.com a:gateway02.websitewelcome.com a:gateway03.websitewelcome.com a:gateway04.websitewelcome.com a:gateway05.websitewelcome.com a:gateway06.websitewelcome.com".

You may use "include:websitewelcome.com" to attach your SPF records to our updated list.

Dave - that is an unfortunate SPF record setup. Use of it on an 'include' will consume 9 of the 10 DNS lookups allowed for SPF processing, which makes use of it not feasible for most resellers. (rfc4408)

I'd like to propose 2 possible solutions:
1. Convert each of the 'a:gateway0...' entries to 'IP4:....', that will eliminate 6 of the 9 DNS lookups when using that SPF as an 'include'.
2. Allow resellers the option of opting out of the mail server cluster and continue using the mail services on their local server as they do today.

I do realize that option 1 does make maintaining the SPF record a bit more difficult on HG when the IP addresses of those servers needs to change (but how often would that really occur). What is more likely to occur is needing to add additional gateway servers and then you'd still have to update the SPF records with those new servers and you couldn't add more than two more servers before your SPF record exceeded the limit on its own. Using CIDR notation in the IP4: entries to cover blocks of IP addresses could give you that future expansion capabilities without having to do SPF updates. Option 1 would also lessen the local DNS load by not incurring those lookups as well.

Without some viable option, HG may prevent its resellers from using SPF to do some protecting of their domain names from being used by spammers, which is a definite step backwards and has the potential to cost HG some loyal resellers.

Also remember that a loss of SPF usage by your resellers will increase inbound mail to those resellers due to bounced mail that could have been rejected at SMTP time as well as false complaints by folks who have no clue how to read mail headers.

Thanks for considering these comments and I hope we can come up with a win-win solution for us all (well everyone except the spammers).

Mike

[lsimpson]

Quote:

Originally Posted by GatorDaveC

The current SPF records are "v=spf1 a mx a:gateway01.websitewelcome.com a:gateway02.websitewelcome.com a:gateway03.websitewelcome.com a:gateway04.websitewelcome.com a:gateway05.websitewelcome.com a:gateway06.websitewelcome.com".

You may use "include:websitewelcome.com" to attach your SPF records to our updated list.

Dave I just looked up the new SPF recoreds that HG have amended. Is it okay to have hard fail? What happens to mail that is false positive? Does it get dropped or does SA tagg it as spam and send it to my existing POP3 account I have filtered for SPAM?

[lsimpson]

I've noticed today that SPAM is being handled differently now. My tagged mail was being forwarded inside a mail message that showed the SA taggs with [SPAM] in the subject field. As of today the original mail message is now being forwarded (not as an attachment) with ***SPAM*** in the subject field. Are these changes permanent?

[gregsass]

I'm seeing the same thing as lsimpson in the past day. In addition, the headers are different. I used to key off of X-SpamLevel, which no longer appears. But I see what I think are 4 new headers X-Spam-Score (appears 10x the old score, i.e. what used to be 9.5 comes through as 95), X-Spam-Bar (appears to have replaced X-Spam-Level), X-Spam-Report (appears to be the results of SpamAssassin as I had configured it), and X-Spam-Flag.

I don't mind the changes (well, expect for the changing of the subject line, I really hate that), and I really like the fact HostGator is trying to help with the growing spam problem. But I (and all the other customers) need to know what is going on here so we can adjust as necessary.

[MikeC]

For those following this thread for SPF info related to the mail gateways, you'll also want to track this thread as well.

[dwproone]

Since this mail system changes, I have some problems regarding mails sent to yahoo account. Some of my email messages bounce back because Yahoo have temporarily deferred several IP Adresses used by this new mail gateway servers.

This is the error messages samples :

Quote:

a. Received: from gator38.hostgator.com (70.85.248.226) by
gateway06.websitewelcome.com with SMTP; 6 Feb 2008 03:56:02 -0000. Connected to 68.142.202.247 but greeting failed. Remote host said: 421 4.7.0 [TS01] Messages from 67.18.144.9 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html I'm not going to try again; this message has been in the queue too long.

b. Received: from gator38.hostgator.com (70.85.248.226) by
gateway06.websitewelcome.com with SMTP; 6 Feb 2008 06:38:06 -0000. Connected to 66.196.97.250 but greeting failed.Remote host said: 421 4.7.0 [TS01] Messages from 67.18.144.9 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html I'm not going to try again; this message has been in the queue too long.

c. Received: from gator38.hostgator.com (70.85.248.226) by gateway03.websitewelcome.com with SMTP; 22 Feb 2008 23:38:29 -0000.
Connected to 216.39.53.2 but greeting failed. Remote host said: 421 4.7.0 [TS01] Messages from 74.52.223.144 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
I'm not going to try again; this message has been in the queue too long.

I never had this problem with my old mail gateway (gator38.hostgator.com).

A support ticket has been submitted regarding this problem, but no solution until now...

[newview]

Quote:

Originally Posted by dwproone

Since this mail system changes, I have some problems regarding mails sent to yahoo account.

I've submitted numerous tickets on this very same issue.

They've had no reply with a resolution.