Hacker News new | ask | show | jobs
by RawInfoSec 3999 days ago
Enable SPF and DKIM before jumping to uneducated conclusions please. Even if it's randomly accepting for the same address during repeat testing does not indicate that it's not caring about SPF or DKIM, it indicates a random check!

To put it into perspective, don't complain about the car, the road, weather, or the cop when you get ticketed for hitting a parked car in the rain while speeding.

Email is highly complex, and GMail are one of the few that are doing it right! (and per RFC's instead of making their own standards like some other unnamed companies do :)
1 comments
jacquesm 3999 days ago
My email server has not given me any problems in a long long time (years) and to see this pop up is annoying. I'm sure google does their best but I really don't see why this particular set of emails suddenly would trigger their spam flag and previous (quite similar) emails from the same originator and from the same mail server would not.

Random checks are random and do not belong in a system like this.

Yes, email is highly complex, I'll grant you that but if you start adding a random element to it then it gets more complex without any apparent reason.

I'd be perfectly ok with all this if I had made changes on my end but I fail to see how not having made changes on my end this suddenly started happening and I'm supposed to be the one at fault.

link
RawInfoSec 3999 days ago
You're clearly not understanding this.

Random checks do belong in a large scale mail system such as GMail. Their system only checks 1 in x emails for DKIM/SPF.

Could you imagine running DKIM/SPF checks on EVERY single email coming in? That would take considerable compute power, not to mention increasing memory requirements in a system built to minimize such things so that it can be scaled properly.

Your problem is simple. Make your own MTA compliant to any applicable RFC's and GMail will just work. Skipping important items like SPF and DKIM will ALWAYS cause intermittent issues with various other MTA's.

>> I'd be perfectly ok with all this if I had made changes on my end but I fail to see how not having made changes on my end this suddenly started happening and I'm supposed to be the one at fault.

You're making the assumption that every delivery is going to the same server, running the same code, which tests the same checks... every time. - It doesn't, and won't. Outcomes can change in a system designed to flex and deal with current problems.

link
jacquesm 3999 days ago
> Random checks do belong in a large scale mail system such as GMail. Their system only checks 1 in x emails for DKIM/SPF.

I'd imagine google has by now figured out how to make a cache work.

> Could you imagine running DKIM/SPF checks on EVERY single email coming in?

No, but I can imagine keeping a set of cached data per origin address.

> You're making the assumption that every delivery is going to the same server, running the same code, which tests the same checks... every time. - It doesn't, and won't.

Indeed. Unreliable by design.

link