Librem One Blacklisted?

My point is your report is less than a day old and this thread is 11 days old.

The IPs you saw today may not be the same IPs that this thread is based on.

Since support said they were supposed to change this weekend.

This general problem tends to be … finger pointing. (Sender SMTP blames Receiver SMTP. Receiver SMTP blames Sender SMTP. And they both blame the Blacklist Provider.)

By all means contact Librem.One support but there is nothing at the core of the problem that Purism can do (except hire a second, unrelated IP address and use that for troublesome destination SMTP servers).

Your link encourages you also to contact the destination (gmx). At the end of the day, that is where the problem is. I recommend that you do do that.

I have tangled with gmx in the past about bogusly blacklisted sending IP addresses - and not had any joy from them. Perhaps you will do better, particularly if you understand German.

You asked for a discussion.
Click on the link that I provided and take a look at the data.
It is NOT a blacklist.
It is not just “from today” but shows activity over the past few months or longer.
And yes mx1.librem.one is still 192.241.223.110 and it is still being used to send e-mail for librem.one.

https://www.abuseipdb.com/check-block/192.241.223.0/24

More importantly
If anyone had reported spam or attacks from the IP address 192.241.223.110 then it would show.
Therefore - no one in the past year or more has reported that IP address.

X-Force also lists that IP address as unsuspicious

This is guilt by association.
But librem.one can add SPF and DKIM to improve deliverabilty.
And if they are both sadists and masochists then they can think about adding DMARC.

Edit:
my bad they have that IP in SPF - just need to maybe sign the emails with DKIM

A valid SPF record already exists.

In my (bad) experience: a valid SPF record won’t override a (bogus) blacklisting.

I hadn’t looked, because I don’t plan to use librem.one on the foreseeable future, but lacking spf and dkim is disappointing and would result in mail rejections from a not insignificant number of mail servers. These should be setup.

I would hope there is also a reverse DNS entry configured as many systems will attempt an rdns query and if it doesn’t match drop the connection as well.

I have mixed feelings on dmarc. I use it for my domains and wish everyone else did as well, but I also understand how unwieldy it could be without other tools to handle the reports.

There is.

Glad to know about the spf record.

And correct, SPF won’t override a blacklist. After all you could have a legitimate SPF DKIM and DMARC and still be performing actions that get you blacklisted. But having these settings properly configured is still beneficial.

Yeah, I was hasty, and dug for the wrong record.
They have SPF.
DKIM - well it will help.
The thing about blacklists is this - most of the ones that matter are private.
You cant see them with MXtools.
And out of the ones on mxtools and the like - many are bogus or are not used by anyone that matters in general .

What I really want to know is - what is the deal with DigitalOcean. Are they allowing their customers to do such malicious activity?Do they not care ?
Asking for a friend of course

6 replies after midnight my time. I guess most readers of this thread are West Coasties.

Well the weekend is over, I’ll send a test message to one of my groups.io groups and see if anything happens. If not the bounce will come back in 5 days.

Hey, that’s funny. I frequently get the “not a valid email address” response, when I try to register hp@librem.one to some service.

I have run into this issue once, but in that case, it was just lazy input validation only checking against a limited number of TLDs. Nothing to do with a blacklist. Any website with a .one domain would fail that check. I suspect this is the cause for the vast majority of any sign-up issues.

Yes that happened when I tried to register with ADP to look at my pay stubs from a former employer.

I’m guessing some have a filter that rejects you if you’re not a traditional dot com, org, edu, or gov.

(edit) or a two letter country domain.

Don’t forget .net I’ve not had any problems with my .net domain thus far even if .net does seem to be the red headed step child of tlds.

Here’s to hoping your test email doesn’t bounce

Like any list-server, it should have been broadcast within a minute or two. But it never came back, so it has 4 days to go, a definite bounce. I send a test email to one of my groups.io daily for several weeks, so I will get get one today sometime 5 days old, like peas-porridge in the pot.

Not to nitpick here or anything but, I and many others would greatly appreciate depreciating terms like “blacklist” in favor of “blocked list”. Subconsciously, it ingrains in all contexts that “black = bad; white = good”.

We could have a big debate about this all but, let’s not. Not in this thread. It’s interesting and this is more of a bandage but overall should help to some degree after enough time.

Thanks.

Nope I’m fine with blacklist.

If your email is going to be rejected, what better way to feel rejected?

It isn’t going away, you’d have to re-code every email server that has the word hardcoded in their automated bounce program for error 554.

And rename blackhole into blockhole

Maybe this argument could be taken to Round Table. It is obviously political. People are obviously not going to agree.

No matter what word is used to describe it, email is not working and that’s a bad thing.

It occurred to me that you ought to have censored out your email address above.

Have you contacted gmx? To make progress on this you need to know whether gmx is doing their own blacklisting or they are relying on an external blacklist provider. If the latter then there will be more finger pointing and so you would need to contact the external provider.

Yes take that argument to the round table - with a new thread.

But this thread stays, let this thread die the natural old thread death.

L1 is still getting blocked at groups.io